TMS zl Management and Configuration Guide ST.1.0.090213
1-26
Overview
Deployment Options for Routing Mode—Threat Protection
i. Extend internal VLANs to the host switch but remove IP
addresses on those VLANs from the switch.
ii. Associate the internal VLANs with zones on the TMS zl Module
(the Internal zone or Zone1 to Zone6) and assign the module a
valid IP address on each VLAN. Typically, assign the module the
IP addresses that you removed from the host switch.
iii. Configure the module as the default router for these VLANs (for
example, in DHCP scopes).
For more information about this option, see “Internal Threat Protection”
on page 1-13.
11. Configure routing.
You should have already created a default route for external traffic (see
step 9). If the host switch or a core switch is routing internal traffic, create
a route or routes to the internal subnets. The next-hop router should be
the IP address of the switch on the VLAN that you added to the Internal
zone.
Instead of creating static routes, you can configure dynamic routing.
See page 1-60: “Routing” for an overview and Chapter 9: “Routing” for
detailed instructions.
12. Optionally, configure the TMS zl Module’s firewall.
To control incoming external traffic, create access policies that specify
the External zone as the source zone. To allow endpoints to reach the
external network, create access policies that specify the External zone as
the destination zone.
If the module is routing and controlling internal traffic, you must create
access policies to allow users to reach the proper resources.
See “Firewall” on page 1-38 for an overview of the firewall and Chapter 4:
“Firewall” for detailed instructions.
13. Optionally, configure the TMS zl Module’s IDS/IPS.
See “IDS/IPS” on page 1-33 for an overview and Chapter 6: “Intrusion
Detection and Prevention” for detailed instructions.
14. Optionally, configure the TMS zl Module to perform NAT.
See “Network Address Translation (NAT)” on page 1-54 for an overview
and Chapter 5: “Network Address Translation” for detailed instructions.
15. Optionally, configure the TMS zl Module as a VPN gateway.
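The addressing rules in sub-steps i to iii and in step 11 can be checked against a deployment plan before anything is configured. The Python below is an added example, not part of the guide or of the module's software; the plan format, field names, VLAN IDs and addresses are all constructed for illustration.

```python
import ipaddress

ZONES = {"Internal"} | {f"Zone{i}" for i in range(1, 7)}  # zones named in sub-step ii

# Constructed sample plan: VLAN IDs, addresses and field names are illustrative.
PLAN = {
    "vlans": {
        10: {"subnet": "10.1.10.0/24", "zone": "Internal", "module_is_gateway": False,
             "switch_ip": "10.1.10.2", "module_ip": "10.1.10.1", "dhcp_router": None},
        20: {"subnet": "10.1.20.0/24", "zone": "Zone1", "module_is_gateway": True,
             "switch_ip": None, "module_ip": "10.1.20.1", "dhcp_router": "10.1.20.1"},
        30: {"subnet": "10.1.30.0/24", "zone": "Zone2", "module_is_gateway": True,
             "switch_ip": "10.1.30.1", "module_ip": "10.1.30.254", "dhcp_router": "10.1.30.1"},
    },
    "routes": [{"dest": "10.2.0.0/16", "next_hop": "10.1.10.2"},
               {"dest": "10.3.0.0/16", "next_hop": "10.1.30.1"}],
}

def check_plan(plan):
    """Return a list of findings; an empty list means the plan matches the steps."""
    findings = []
    for vid, v in sorted(plan["vlans"].items()):
        net = ipaddress.ip_network(v["subnet"])
        addr = ipaddress.ip_address(v["module_ip"])
        if v["zone"] not in ZONES:
            findings.append(f"VLAN {vid}: zone {v['zone']} is not an internal zone")
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            findings.append(f"VLAN {vid}: module IP {addr} is not a host address in {net}")
        if v["module_is_gateway"]:
            # Sub-step i: an address left here could let the switch route the VLAN itself.
            if v["switch_ip"]:
                findings.append(f"VLAN {vid}: switch still has {v['switch_ip']} on this VLAN")
            if v["dhcp_router"] != v["module_ip"]:  # sub-step iii
                findings.append(f"VLAN {vid}: DHCP default router is {v['dhcp_router']}, not the module")
    # Step 11: the next hop must be the switch's address on a VLAN in the Internal zone.
    hops = {v["switch_ip"] for v in plan["vlans"].values()
            if v["zone"] == "Internal" and v["switch_ip"]}
    for r in plan["routes"]:
        if r["next_hop"] not in hops:
            findings.append(f"route {r['dest']}: next hop {r['next_hop']} is not the switch on an Internal-zone VLAN")
    return findings

if __name__ == "__main__":
    for line in check_plan(PLAN):
        print(line)
```

In the sample plan, VLAN 30 is the misconfigured case: the switch keeps its address, so clients still use it as their default router and the route through it does not pass the Internal zone.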