TMS zl Management and Configuration Guide ST.1.1.100226
1-43
Overview
Firewall
In routing mode, the TMS zl Module firewall filters traffic that it routes
between TMS VLANs. (A TMS VLAN is a VLAN that you have assigned to a
zone.) The firewall can:
■ Permit or deny traffic according to access policies that you configure
■ Control the amount of bandwidth used by particular types of traffic
■ Create reservations that guarantee that a session will be open for certain
traffic
■ Run attack checks
Note: Traffic that is transmitted between devices on the same TMS VLAN is not
filtered by the TMS zl Module in routing mode.
The TMS zl Module firewall is stateful. In other words, it tracks session
information and recognizes packets that are part of the same session or traffic
flow. This allows the module to provide better attack checks. In addition, you do
not have to create reverse access policies for return traffic. You simply create
the policies that allow the sessions to be initiated.
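The following added example (not taken from this guide and not TMS zl code) models why a stateful firewall needs only the policy for session initiation: the reply is matched against the session table, not against the policies. The class names, the addresses and the deny result for unmatched traffic are assumptions made for the illustration.

```python
# Added illustration: a toy model of stateful filtering, not TMS zl code.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass(frozen=True)
class Policy:  # permits sessions *initiated* from src_net to dst_net:dport
    src_net: str
    dst_net: str
    dport: int
    proto: str = "tcp"

    def matches(self, p):
        return (p.proto == self.proto and p.dport == self.dport
                and ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net))

class StatefulFilter:
    def __init__(self, policies):
        self.policies = list(policies)
        self.sessions = set()  # 5-tuples of sessions opened by a permit policy

    def decide(self, p):
        forward = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        # Packets of a known session pass in either direction, no policy lookup.
        if forward in self.sessions or reverse in self.sessions:
            return "permit (existing session)"
        # Only a packet that starts a session is checked against the policies.
        if any(pol.matches(p) for pol in self.policies):
            self.sessions.add(forward)
            return "permit (policy, session created)"
        return "deny"  # assumption: traffic matching nothing is dropped

# Constructed sample: clients on one VLAN may open HTTPS to a server VLAN.
fw = StatefulFilter([Policy("10.1.10.0/24", "10.1.20.0/24", 443)])
request = Packet("10.1.10.5", 51000, "10.1.20.8", 443)
reply = Packet("10.1.20.8", 443, "10.1.10.5", 51000)
unsolicited = Packet("10.1.20.8", 443, "10.1.10.6", 51000)
```

Calling `fw.decide()` on `request`, `reply` and `unsolicited` in that order shows the reply permitted with no reverse policy, while the server-sourced packet to a host that never opened a session is denied.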
Access Policies
The TMS zl Module supports up to 20,000 access policies. The module determines
which group of policies applies to a particular packet according to these
criteria:
■ Whether the traffic is unicast or multicast
The module’s Web browser interface displays unicast policies on the
Firewall > Access Policies > Unicast window and multicast policies on the
Firewall > Access Policies > Multicast window.
■ The user group associated with the source IP address
User groups apply when the TMS zl Module enforces authentication (see
“Access Control with Authentication” on page 1-29). If a source address
is not associated with a group, the access policies in the None group apply.
In the module’s Web browser interface, you can see the policies that apply
to a user group by selecting the group from the User Group list on the
Firewall > Access Policies > Unicast window.