Manualshelf

TMS zl Management and Configuration Guide ST.1.0.090213

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
51525354555657585960
1-28
Overview
Deployment Options for Routing Mode—Threat Protection
users, install it in a location where it can act as the VPN gateway. There are
no rigid rules about the deployment location. You must simply ensure that the
module routes the traffic that arrives from the users that you want to control.
Deployment Tasks for Access Control with Authentication
You must complete these tasks to deploy your TMS zl Module so that it
provides access control with authentication:
1. Do one of the following:
Perform the deployment tasks for internal threat protection, as shown
in “Deployment Tasks for Internal Threat Protection” on page 1-15.
Perform the deployment tasks for perimeter protection as shown in
“Deployment Tasks for Perimeter Threat Protection” on page 1-23
2. Configure authentication:
a. Create user groups.
b. Configure the credential repository in one of these ways:
Create accounts on the local database.
Configure proxy to another RADIUS server. On that RADIUS
server, add the TMS zl Module as a client.
See “User Authentication” in Chapter 4: “Firewall” for detailed instruc-
tions.
3. Configure the group-based access policies in one of these ways:
On the TMS zl Module (static policies)
Create firewall access policies that are specific to the group. See
“Access Policies” on page 1-39 for an overview of policies and “Fire-
wall Access Policies” in Chapter 4: “Firewall” for detailed instruc-
tions.
On an external RADIUS server
See the documentation for your RADIUS server. You can also use HP
ProCurve Identity Driven Manager (IDM) to easily configure granular
policies on the external RADIUS server.