TMS zl Management and Configuration Guide ST.1.1.100226
1-8
Overview
Operating Modes
Figure 1-1. Logical Operation of the TMS zl Module in Routing Mode
You must set up your network infrastructure so that the TMS zl Module acts
as a router for all VLANs on which you want to manage threats. You assign the
module an IP address on these VLANs so that it can route and filter their traffic;
these VLANs are then called TMS VLANs.
Generally, the TMS zl Module acts as the default router for all endpoints in a
TMS VLAN. Whenever one of these endpoints sends traffic to another subnet,
the TMS zl Module receives the traffic. In other words, the module receives
traffic that is routed out of or between the TMS VLANs. It does not receive—
and thus does not filter—traffic that originates in and is destined to the same
VLAN.
For some TMS VLANs, the module might be one of multiple routers. For
example, the TMS VLAN through which the module connects to an external
network might include a WAN router that connects to the Internet. In this case,
the other router should be configured to route all traffic destined to TMS
VLANs through the TMS zl Module, ensuring that the module receives and
filters it. (The TMS zl Module can operate within most routing systems. For
more information on its routing capabilities, see “Routing” on page 1-67.)
Figure 1-2 illustrates which traffic is and is not filtered by the TMS zl Module.