TMS zl Management and Configuration Guide ST.1.1.100430

2-11
Initial Setup in Routing Mode
Deploying the TMS zl Module
Zone Best Practices
Which zones you use will depend on both the size and security needs of your network. The following are a few best practices:

- Use the External zone for VLANs that handle traffic to the Internet or another untrusted network.
- Use DMZ for VLANs that contain publicly available resources such as Web services and FTP.
- For an extremely simple network configuration, put all VLANs in the LAN in the Internal zone.
- For more powerful access control, place different internal VLANs in different zones:
  - If you choose to put your wireless traffic and wired traffic in different VLANs, you can also put wireless VLANs and wired VLANs in separate zones. (However, you can also put your wireless and wired traffic in the same VLAN and zone.)
  - You might consider putting high-security VLANs in a separate zone from lower-security VLANs.
  - Put your guests and temporary employees into separate VLANs, and then put the VLANs in a separate zone. This will allow you to create rules that are more specifically tailored to limited access. Alternatively, you can force both guests and employees to authenticate to the TMS zl Module and separate groups of policies by user group. See “User Authentication” on page 4-47 of Chapter 4: “Firewall.”
  - Depending on the complexity and security needs of your network, you should continue separating the internal network VLANs into specific zones (Zone1 through Zone6, renamed as you desire), according to the security needs of users in the VLANs.
- Create a zone for all management stations, infrastructure devices, and management servers (including PCM or PCM+) that are in the management VLAN. You will define this zone as a management-access zone.
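A small checker for VLAN-to-zone assignments, added here as an illustration and not part of the guide or the TMS zl software. It assumes a constructed inventory in which each VLAN is labelled with a role and the zone it was placed in, and it flags placements that contradict the practices above; the management zone name "Management" is an assumption.

```python
from dataclasses import dataclass


@dataclass
class Vlan:
    vid: int
    name: str
    zone: str   # External, DMZ, Internal, Zone1..Zone6 (renamed as desired), or the management zone
    role: str   # internet | public_service | employee | guest | management


def check_zones(vlans, management_zone="Management"):
    """Return findings for placements that contradict the zone best practices.
    management_zone is the (assumed) name given to the management-access zone."""
    findings = []
    members = {}  # zone name -> set of roles placed in it
    for v in vlans:
        members.setdefault(v.zone, set()).add(v.role)
        if v.role == "internet" and v.zone != "External":
            findings.append(f"VLAN {v.vid} ({v.name}) carries untrusted traffic but sits in {v.zone}, not External")
        elif v.role == "public_service" and v.zone != "DMZ":
            findings.append(f"VLAN {v.vid} ({v.name}) hosts public services but sits in {v.zone}, not DMZ")
        elif v.role == "management" and v.zone != management_zone:
            findings.append(f"VLAN {v.vid} ({v.name}) is the management VLAN but sits in {v.zone}, not {management_zone}")
    for zone, roles in members.items():
        # Guests belong in their own zone so rules for limited access can target them
        if {"guest", "employee"} <= roles:
            findings.append(f"zone {zone} mixes guest and employee VLANs; give guests their own zone")
        # The management-access zone should hold only management stations and servers
        if zone == management_zone and roles != {"management"}:
            findings.append(f"zone {zone} is the management-access zone but also holds {sorted(roles - {'management'})}")
    return findings


# Constructed inventory (not from a real deployment) with two deliberate mistakes.
SAMPLE_VLANS = [
    Vlan(10, "uplink", "External", "internet"),
    Vlan(20, "web-ftp", "Internal", "public_service"),  # should be in DMZ
    Vlan(30, "staff-wired", "Zone1", "employee"),
    Vlan(31, "staff-wifi", "Zone1", "employee"),        # wired and wireless may share a zone
    Vlan(40, "guest-wifi", "Zone1", "guest"),           # should not share Zone1 with staff
    Vlan(99, "mgmt", "Management", "management"),
]

if __name__ == "__main__":
    for finding in check_zones(SAMPLE_VLANS):
        print("FINDING:", finding)
```

Running it against the sample prints two findings: the public-service VLAN outside DMZ and the guest VLAN sharing Zone1 with staff.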