TMS zl Management and Configuration Guide ST.1.1.100226
4-100
Firewall
Port Triggers
Caution
An explicit firewall access policy that denies the ports that a port trigger attempts to open dynamically can interfere with the port trigger. Therefore, when you create access policies you should simply permit the ports that you want to open permanently. Then allow the TMS zl Module to deny all other traffic implicitly, which is the module's automatic behavior. Do not create an explicit policy to deny all other traffic.
Example Port Trigger
In this example, a port trigger will be added for an application that uses TCP 1584-1585 for its control connections, then opens TCP 51200-51201 and TCP 51210 for inbound packets and UDP 7175 and TCP 8680-8686 for outbound packets.
Figure 4-67. Sample Network
The figure above shows the clients behind the firewall and two sets of clients
outside of the firewall. You want to permit connections only to and from the
two addresses (172.19.55.0/24 and 172.23.11.0/24) on the Internet.
To configure this example, you will need a port trigger to permit connections
to be initiated from either side of the firewall and firewall access policies to
limit the connections to the two addresses.
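The following Python model is an added example, not the TMS zl Module's own code or CLI; it replays the port-trigger example above and the Caution about explicit deny policies. Two details are assumptions rather than statements of the guide: explicit access policies are evaluated before the dynamic trigger table, and a triggered port is opened only for the peer address that was seen on the control connection. The flows and the 203.0.113.7 peer are constructed test input.

```python
"""Simplified model of port triggering and access-policy evaluation.

Added, constructed example; not the TMS zl Module's own code or CLI.
Assumptions (not stated by the guide): explicit policies are evaluated
before the dynamic trigger table, and a triggered port is opened only for
the peer address seen on the control connection.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Flow:
    proto: str       # "tcp" or "udp"
    direction: str   # "in" = Internet -> LAN, "out" = LAN -> Internet
    peer: str        # the Internet-side address of the flow
    dport: int       # destination port


@dataclass
class Trigger:
    control_proto: str
    control_ports: range
    inbound: dict    # proto -> destination ports opened for inbound packets
    outbound: dict   # proto -> destination ports opened for outbound packets


@dataclass
class Policy:
    action: str                        # "permit" or "deny"
    networks: list                     # peer networks the policy applies to
    proto: Optional[str] = None        # None = any protocol
    ports: Optional[set] = None        # None = any destination port


class Firewall:
    def __init__(self, policies, triggers):
        self.policies = policies
        self.triggers = triggers
        self.dynamic = set()   # (proto, direction, peer, dport) opened by triggers

    def _policy_action(self, flow):
        """First matching explicit policy wins; None means no policy matched."""
        for p in self.policies:
            if p.proto and p.proto != flow.proto:
                continue
            if p.ports is not None and flow.dport not in p.ports:
                continue
            if not any(ip_address(flow.peer) in net for net in p.networks):
                continue
            return p.action
        return None

    def _fire_triggers(self, flow):
        """A permitted control connection opens the trigger's ports for that peer."""
        for t in self.triggers:
            if flow.proto == t.control_proto and flow.dport in t.control_ports:
                for proto, ports in t.inbound.items():
                    self.dynamic.update((proto, "in", flow.peer, p) for p in ports)
                for proto, ports in t.outbound.items():
                    self.dynamic.update((proto, "out", flow.peer, p) for p in ports)

    def handle(self, flow):
        action = self._policy_action(flow)
        if action == "deny":
            return "deny (explicit policy)"   # an explicit deny overrides the trigger
        if action == "permit":
            self._fire_triggers(flow)
            return "permit (explicit policy)"
        if (flow.proto, flow.direction, flow.peer, flow.dport) in self.dynamic:
            return "permit (port trigger)"
        return "deny (implicit)"            # the module's automatic behaviour


ALLOWED = [ip_network("172.19.55.0/24"), ip_network("172.23.11.0/24")]
ANY = [ip_network("0.0.0.0/0")]

# The application from the guide's example.
APP_TRIGGER = Trigger(
    control_proto="tcp",
    control_ports=range(1584, 1586),
    inbound={"tcp": {51200, 51201, 51210}},
    outbound={"udp": {7175}, "tcp": set(range(8680, 8687))},
)


def run_scenario(explicit_deny_all=False):
    """Replay the example; returns the verdict for each constructed flow."""
    policies = [Policy("permit", ALLOWED, "tcp", set(range(1584, 1586)))]
    if explicit_deny_all:
        policies.append(Policy("deny", ANY))   # the pattern the Caution warns against
    fw = Firewall(policies, [APP_TRIGGER])
    return {
        "data_before_control": fw.handle(Flow("tcp", "in", "172.19.55.10", 51200)),
        "control": fw.handle(Flow("tcp", "out", "172.19.55.10", 1584)),
        "data_after_control": fw.handle(Flow("tcp", "in", "172.19.55.10", 51200)),
        "udp_out_after_control": fw.handle(Flow("udp", "out", "172.19.55.10", 7175)),
        "other_peer_data": fw.handle(Flow("tcp", "in", "203.0.113.7", 51200)),
        "other_peer_control": fw.handle(Flow("tcp", "out", "203.0.113.7", 1584)),
    }


if __name__ == "__main__":
    for label, result in run_scenario().items():
        print(f"implicit deny   {label:24} {result}")
    for label, result in run_scenario(explicit_deny_all=True).items():
        print(f"explicit deny   {label:24} {result}")
```

Run with only the permit policy, the data ports are closed until the control connection to a permitted peer is seen, then open for that peer only; the 203.0.113.7 peer never gets through. Add the explicit deny-all policy and the control connection still succeeds, but every triggered port is now denied by the explicit policy, which is exactly the interference the Caution describes.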