TMS zl Management and Configuration Guide ST.1.0.090213
Overview
Firewall
Note: Traffic that is transmitted between devices on the same TMS VLAN is not
filtered by the TMS zl Module in routing mode.
You control the traffic that passes through the firewall with firewall access
policies. The following sections give more information.
Access Policies
The TMS zl Module supports up to 20,000 access policies. The module determines
which group of policies applies to a particular packet according to these
criteria:
■ Whether the traffic is unicast or multicast
The module’s Web browser interface displays unicast policies on the
Firewall > Access Policies > Unicast window and multicast policies on the
Firewall > Access Policies > Multicast window.
■ The user group associated with the source IP address
User groups apply when the TMS zl Module enforces authentication (see
“Access Control with Authentication” on page 1-27).
In the module’s Web browser interface, you can see the policies that apply
to a user group by selecting the group from the User Group list on the
Firewall > Access Policies > Unicast window.
■ The packet’s source and destination zones
A packet’s source zone is the zone of the TMS VLAN on which the TMS zl
Module receives the packet. This TMS VLAN might be the source device’s
own VLAN, or it might be the VLAN of the router that routed the traffic to
the module.
The destination zone is the zone of the TMS VLAN on which the packet is
forwarded (which the module determines using its routing table).
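The selection criteria above, modeled as an added example (not code from this guide or from the module's software). The VLAN IDs, zone names, routes, user group and the "unauthenticated" label are constructed; the point to notice is that the same host falls into a different policy group when its traffic reaches the module through a router on another TMS VLAN.

```python
import ipaddress

# Constructed sample data (not from the guide): VLAN-to-zone bindings,
# a routing table, and authenticated source IPs mapped to user groups.
VLAN_ZONE = {10: "ZONE_A", 20: "ZONE_B", 30: "ZONE_C"}
ROUTES = [  # (destination prefix, egress TMS VLAN)
    ("10.1.10.0/24", 10),
    ("10.1.20.0/24", 20),
    ("0.0.0.0/0", 30),
]
AUTH_SESSIONS = {"10.1.10.50": "engineers"}
DEFAULT_GROUP = "unauthenticated"  # assumed label for sources with no session


def egress_vlan(dst_ip):
    """Longest-prefix match over ROUTES; returns the forwarding VLAN or None."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, vlan in ROUTES:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, vlan)
    return best[1] if best else None


def policy_group(src_ip, dst_ip, ingress_vlan):
    """Return (cast, user_group, src_zone, dst_zone) for one packet."""
    if ingress_vlan not in VLAN_ZONE:
        raise ValueError(f"VLAN {ingress_vlan} is not a TMS VLAN")
    cast = "multicast" if ipaddress.ip_address(dst_ip).is_multicast else "unicast"
    group = AUTH_SESSIONS.get(src_ip, DEFAULT_GROUP)
    # Source zone comes from the VLAN the packet arrived on, which may be
    # a router's VLAN rather than the source device's own VLAN.
    src_zone = VLAN_ZONE[ingress_vlan]
    # Destination zone comes from the route lookup; multicast forwarding
    # is not modeled in this sketch, so it is left as None.
    dst_zone = VLAN_ZONE.get(egress_vlan(dst_ip)) if cast == "unicast" else None
    return (cast, group, src_zone, dst_zone)


if __name__ == "__main__":
    # Same host, directly attached on VLAN 10 versus routed in via VLAN 20.
    print(policy_group("10.1.10.50", "192.0.2.9", 10))
    print(policy_group("10.1.10.50", "192.0.2.9", 20))
```

A policy written with the host's own zone as its source zone does not match the second packet, so policies for routed segments need the zone of the router-facing VLAN as their source.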
Access Policy Settings
In particular, an access policy includes these settings:
■ Permit (forward) or deny (drop) matching traffic
■ Source zone and destination zone
■ Header values against which the packet is matched:
• Protocol
• Service (protocol and destination port)
• Source IP address or source DNS name