TMS zl Management and Configuration Guide ST.1.0.090213

Overview
Firewall
User Group
You can create different sets of access policies for each user group that is
configured on the module—as well as a set of access policies that apply to all
users not assigned to a group.
When a user authenticates to your network through the TMS zl Module, the
module assigns the authenticated user’s IP address to the user group. The
module then applies the set of access policies that are configured for that
group to traffic received from that source address. If no policy matches, then
the default access policies (None user group) are applied.
Traffic that does not come from authenticated users is filtered by the None
user group.
Note: User groups apply only to unicast access policies.
Schedules
When you create an access policy, you can create and select a schedule object
for it. A schedule object includes these settings:
- Days of the week
- A time period—for example, 08:00 to 17:00
If a packet matches a policy but the packet arrives at a time when the policy
is inoperable, the packet is dropped. If an access policy does not have a
schedule, the policy applies at all times.
Warning: The TMS zl Module derives its time information from the host switch. If the
time and date are not correct on the switch, scheduled access policies will not
be properly applied.
For example, suppose you have configured these External-to-Internal access
policies:
- Permit any external device access to the internal HTTP server. The policy
  does not specify a schedule object.
- Permit all external devices access to the internal FTP server. The policy’s
  schedule object specifies every day except Sunday.
With this configuration, external users can access the HTTP server at any time.
They can access the FTP server on any day except Sunday.
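
The evaluation described in this section, as a simplified Python model (an added example, not the module's own code or its actual algorithm). It shows the HTTP/FTP example, the fallback to the None user group, and how a wrong switch clock changes the result. The group name Staff, the addresses, and the implicit drop when nothing matches are assumptions; only permit policies are modeled.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from typing import Optional

@dataclass(frozen=True)
class Schedule:
    days: frozenset                      # weekday numbers, Monday=0 ... Sunday=6
    start: time = time.min
    end: time = time.max

    def active(self, now: datetime) -> bool:
        return now.weekday() in self.days and self.start <= now.time() <= self.end

@dataclass(frozen=True)
class Policy:
    group: str                           # "None" is the default policy set
    service: str
    schedule: Optional[Schedule] = None  # no schedule: applies at all times

def evaluate(policies, sessions, src_ip, service, switch_time):
    """Return 'permit' or 'drop' for one packet, judged by the switch's clock."""
    group = sessions.get(src_ip, "None")          # unauthenticated -> None group
    for name in dict.fromkeys((group, "None")):   # own group first, then default
        for p in policies:
            if p.group == name and p.service == service:
                if p.schedule and not p.schedule.active(switch_time):
                    return "drop"                 # matched outside its schedule
                return "permit"
    return "drop"                # assumption: nothing matched, implicit deny

# Constructed sample data mirroring the HTTP/FTP example above.
NOT_SUNDAY = Schedule(days=frozenset(range(6)))   # Monday through Saturday
POLICIES = [
    Policy("None", "http"),
    Policy("None", "ftp", NOT_SUNDAY),
    Policy("Staff", "ssh"),                       # hypothetical group and service
]
SESSIONS = {"10.1.1.20": "Staff"}                 # authenticated IP -> user group
SUNDAY = datetime(2024, 6, 2, 10, 0)              # true time: a Sunday
SKEWED = SUNDAY - timedelta(days=1)               # switch clock one day slow

if __name__ == "__main__":
    for svc, clock in [("http", SUNDAY), ("ftp", SUNDAY), ("ftp", SKEWED)]:
        result = evaluate(POLICIES, SESSIONS, "203.0.113.9", svc, clock)
        print(svc, clock.strftime("%a"), result)
```

The third case is the one the warning describes: with the switch clock a day slow, FTP is permitted on a Sunday, so the switch's time source belongs in any review of scheduled policies.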