TMS zl Management and Configuration Guide ST.1.0.090213
1-13
Overview
Deployment Options for Routing Mode—Threat Protection
Deployment Options for Routing
Mode—Threat Protection
The TMS zl Module in routing mode can protect your network in many ways.
This section covers several use models for deploying the module in routing
mode. Each use model explains the reasons for selecting the deployment
option, the services that are provided by the TMS zl Module, and a list of tasks
that must be performed to deploy and configure the module.
Internal Threat Protection
The TMS zl Module in routing mode can protect your private network from
internal threats much as a traditional security device protects your network
from external threats. You would select this use model if you have less-trusted
users inside your network perimeter or if you want to control how your
internal users access and use your network.
Internal Threat Protection Overview
In routing mode, the TMS zl Module provides two primary means of threat
protection:
■ IPS
■ Firewall
The IPS blocks known DoS attacks, exploits, worms, viruses, and other
threats. The firewall both blocks DoS attacks and provides access control,
which means that the firewall enforces policies that control which endpoints
access which network resources. The firewall might deny traffic from one
endpoint while permitting it from another endpoint. In addition to controlling
which resources individual users can access, the TMS zl Module’s firewall can
control how users access the resources—for example, how much bandwidth
is devoted to particular types of traffic or even when certain resources are
accessed.
According to your needs, you can enable either the IPS or the firewall or both.