TMS zl Management and Configuration Guide ST.1.0.090213

Overview
Firewall
The TMS zl Module can resolve the IP address for a DNS name and
match the policy to packets with that source address.
Warning: When the TMS zl Module evaluates a firewall access policy that
contains a domain name that cannot be resolved, it terminates
evaluation and denies the session. As a result of this safeguard, a DNS
failure can deny traffic that would otherwise be allowed by
subsequent policies. A best practice is to place policies that use domain
names as near to the end of the policy list as possible in order to
mitigate the impact of DNS failures.
Source port
Destination IP address or destination DNS name
The TMS zl Module can resolve the IP address for a DNS name and
match the policy to packets with that destination address.
Whether IPS is enabled for sessions established with this policy
Whether logging is enabled for traffic that matches this policy
Optional: The user group to which the policy applies
Optional: A schedule to control when the policy applies
Optional: Rate-limiting settings for sessions that are established with this
policy
Note: When configuring access policies in the Web browser interface, most settings
are configured in the Add Policy (or Edit Policy) window. However, you select
the user group for an access policy before adding the policy itself. For more
information about configuring access policies, see Chapter 4: “Firewall.”
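The effect of policy order described in the Warning above can be seen in a small model. This is an added example, not code from the guide or the TMS zl Module; the policy dictionaries, the host names, the function names and the deny result for unmatched traffic are assumptions made for illustration.

```python
from ipaddress import ip_address

def is_name(dst):
    """True when dst is a DNS name rather than an IP literal or 'any'."""
    if dst == "any":
        return False
    try:
        ip_address(dst)
        return False
    except ValueError:
        return True

def evaluate(policies, packet, dns):
    """Ordered evaluation; an unresolvable name stops evaluation and denies."""
    for pos, p in enumerate(policies, 1):
        dst = p["dst"]
        if is_name(dst):
            dst = dns.get(dst)          # None models a DNS failure
            if dst is None:
                return ("deny", pos, "unresolved name")
        if dst not in ("any", packet["dst"]):
            continue
        if p["dport"] not in ("any", packet["dport"]):
            continue
        return (p["action"], pos, "matched")
    return ("deny", None, "no match")   # assumption: unmatched traffic is denied

def names_before_addresses(policies):
    """Positions of name-based policies that precede an address-based policy."""
    last_addr = max((i for i, p in enumerate(policies, 1)
                     if not is_name(p["dst"])), default=0)
    return [i for i, p in enumerate(policies, 1)
            if is_name(p["dst"]) and i < last_addr]

# Constructed sample data (documentation address ranges, hypothetical names).
NAME_FIRST = [
    {"dst": "partner.example.net", "dport": 443, "action": "permit"},
    {"dst": "192.0.2.25", "dport": 25, "action": "permit"},
]
NAME_LAST = list(reversed(NAME_FIRST))
MAIL = {"dst": "192.0.2.25", "dport": 25}
DNS_DOWN = {}                                   # every lookup fails
DNS_UP = {"partner.example.net": "198.51.100.7"}

if __name__ == "__main__":
    print(evaluate(NAME_FIRST, MAIL, DNS_DOWN))  # mail denied by DNS failure
    print(evaluate(NAME_LAST, MAIL, DNS_DOWN))   # mail unaffected
    print(names_before_addresses(NAME_FIRST))    # policies worth moving down
```

Running names_before_addresses over an exported policy list gives the positions to review when applying the best practice from the Warning.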
Unicast Policies Versus Multicast Policies
Unicast policies control traffic that originates from a single IP address and is
destined to a single IP address. For example, a request to a Web server is
unicast traffic. Most traditional traffic is unicast. A multicast policy applies to
traffic that is destined to a multicast address. Multicast addresses are between
224.0.0.0 and 239.255.255.255. Traffic destined to a multicast address is
delivered to any endpoint that has joined the group for that address. Multicasting
is often used for applications such as video streaming as well as some routing
protocols.