TMS zl Management and Configuration Guide ST.1.1.100226

Firewall
Overview
This chapter covers the configuration of the TMS zl Module firewall, including
these features:
“Named Objects” on page 4-9
“Firewall Access Policies” on page 4-22
“User Authentication” on page 4-47
“Application-Level Gateways (ALGs)” on page 4-87
“Attack Checking” on page 4-102
“Connection Timeouts” on page 4-112
“Resource Allocation” on page 4-115
“IP Reassembly” on page 4-126
It is best practice to configure named objects before you set up firewall access
policies. You can choose when and whether to complete the other tasks according
to the requirements of your system.
The section below provides general background information about firewalls
and about internal firewalls in particular.
General Firewall Concepts
This section provides background information on firewall concepts.
Need for an Internal Firewall
In the past, corporate networks were defined by clear, distinct boundaries,
and network administrators implemented security using an “us versus them”
mentality. Their job was to protect the inside, trusted network (us) against
would-be attackers on the outside (them).
To provide this protection, the first line of defense for any network has always
been a firewall—a collection of components configured to enforce a specific
access control policy between an internal (trusted) network and any other
(untrusted) network. Firewalls filter incoming and outgoing packets to ensure
that only authorized packets pass.