TMS zl Management and Configuration Guide ST.1.0.090213

Overview
Feature Interaction
This section explains how the TMS zl Module’s various capabilities work
together to protect your network from threats.
Packet Flow on the TMS zl Module
Understanding how packets flow through the TMS zl Module helps you to
understand how features interact.
Packet Flow in Routing Mode
In routing mode, the TMS zl Module applies features in this order:
1. VPN (decrypting incoming traffic)
2. Firewall attack checks
3. Pre-NAT firewall port triggers and ALGs
4. Firewall access policies
5. IDS/IPS
6. NAT
7. Post-NAT IDS/IPS
8. Post-NAT firewall port triggers and ALGs
9. VPN (encrypting outgoing traffic)
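Added example, not from the guide: a simplified Python model of stages 4 through 7 of the list above, showing that an access policy for traffic subject to destination NAT has to be written against the pre-NAT address. The class and function names, the sample addresses, and the default-drop behaviour are assumptions of this model, as is the premise that each stage matches on the addresses the packet carries when it reaches that stage.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class PermitPolicy:
    """Simplified access policy: permit traffic to dst_net on dport."""
    dst_net: str
    dport: int

def permitted(pkt, policies):
    # Stage 4. Assumption of this model: anything not explicitly permitted is dropped.
    return any(ip_address(pkt.dst) in ip_network(p.dst_net) and pkt.dport == p.dport
               for p in policies)

def route(pkt, policies, dnat):
    """Walk stages 4-7 of the list above; return (verdict, trace).

    dnat maps a pre-NAT destination address to its translated address.
    trace records the destination address each stage inspects.
    """
    trace = [("firewall access policies", pkt.dst)]
    if not permitted(pkt, policies):
        return "drop", trace
    trace.append(("IDS/IPS", pkt.dst))
    pkt = replace(pkt, dst=dnat.get(pkt.dst, pkt.dst))  # stage 6: NAT rewrites dst
    trace.append(("post-NAT IDS/IPS", pkt.dst))
    return "forward", trace

# Constructed sample data (documentation and private address ranges).
DNAT = {"203.0.113.10": "10.1.20.5"}
INBOUND = Packet(src="198.51.100.7", dst="203.0.113.10", dport=443)
PRE_NAT_POLICY = [PermitPolicy("203.0.113.10/32", 443)]   # written against the pre-NAT address
POST_NAT_POLICY = [PermitPolicy("10.1.20.5/32", 443)]     # written against the translated address

if __name__ == "__main__":
    for name, policies in (("pre-NAT", PRE_NAT_POLICY), ("post-NAT", POST_NAT_POLICY)):
        verdict, trace = route(INBOUND, policies, DNAT)
        print(name, "policy:", verdict)
        for stage, dst in trace:
            print("   ", stage, "sees dst", dst)
```

In this model the policy written against the translated address never matches, so the packet is dropped before IDS/IPS or NAT see it.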
The complete process is as follows:
1. The TMS zl Module receives a packet on a VLAN that is tagged on its
internal port 1.
Remember how the packet is passed to the module:
a. When an endpoint needs to send a packet to another subnet, it
addresses the encapsulating frame to the MAC address of its default
router, the TMS zl Module.
Alternatively, another router routes the packet, and the TMS zl Module is
that router's next hop.
b. The TMS zl Module’s switch receives the frame and forwards it to the
module on the same VLAN on which the frame arrived.