TMS zl Management and Configuration Guide ST.1.0.090213
1-18
Overview
Deployment Options for Routing Mode—Threat Protection
– If an external router is the default gateway, this VLAN is the
TMS VLAN on which the host switch connects to the external
router.
If this VLAN does not already exist on the host switch, extend the
VLAN to the switch.
b. On the TMS zl Module, associate this VLAN with a zone (External is
recommended). Assign the module an IP address on the TMS VLAN—
often the address that you removed from the host switch on that
VLAN.
However, if the host switch is the default gateway, assign the TMS zl
Module a different IP address. You must also allow the switch to have
an IP address on the TMS VLAN when you associate the VLAN with
the zone.
c. On the TMS zl Module, specify the IP address of the default gateway.
This address should be on the TMS VLAN that you just added.
d. On the default gateway device, verify that a route or routes to the
other TMS VLANs exist. The routes’ gateway (next-hop router)
should be the TMS zl Module’s IP address on the TMS VLAN that you
just added.
For more detailed instructions on this step, see “Boot the TMS zl Module
to the Product OS” in Chapter 2: “Initial Setup in Routing Mode.”
If you prefer, you can now access the TMS zl Module’s Web browser
interface to complete the remaining tasks. At this point, you should
manage the TMS zl Module from a station in the same TMS VLAN that you
added to the module in step 9. Later, you can associate other VLANs with
this zone and manage the module from those TMS VLANs. You can also
enable management access on other zones.
11. Add more TMS VLANs. That is, associate each VLAN with a zone and
configure an IP address on the TMS zl Module for each TMS VLAN.
When you associate a VLAN with a zone, the module’s data port (port 1)
is automatically tagged for that VLAN.