TMS zl Management and Configuration Guide ST.1.0.090213

Overview
Deployment Options for Routing Mode—Threat Protection
Internal VPN. You might implement a client-to-site VPN within the internal
network when you have resources that require particularly strong protection.
Configure VPN policies on the TMS zl Module to require encryption for all
traffic sent to or from these resources. Then configure VPN clients on the
high-security resources and the endpoints allowed to access those resources.

Alternatively, if you have another VPN gateway, you can install that gateway
in front of the high-security resources. Then configure a site-to-site VPN
between the TMS zl Module and that gateway.

Internal NAT. Traditionally, NAT translates IP addresses between two separate
networks. However, the TMS zl Module can implement NAT internally.
For example, you might want to conceal your company’s private IP addresses
from users in a guest VLAN, or you might need to merge two networks that
have similar addressing schemes.

Deployment Location for Internal Threat Protection
This section explains where to deploy a routing-mode TMS zl Module for
internal threat protection.
The TMS zl Module does not need to stand in-line between internal endpoints
and network resources because it receives network traffic by acting as the
router for that traffic. Typically, you would install the module in a core
ProCurve Series 5400zl switch or a core ProCurve 8212zl switch.