TMS zl Management and Configuration Guide ST.1.1.100430

The ProCurve 5400zl or 8200zl switch in which the module is installed also
supports remote mirroring. If other switches in your network support remote
mirroring as well, you can send traffic from these switches to be analyzed by
the TMS zl Module.
Zones
In routing mode, the TMS zl Module uses zones to control traffic. Zones are
logical groupings of TMS VLANs that have similar security needs or levels of
trust. Zones enable you to create common policies, such as firewall access
policies and NAT policies, that apply to all members of the zone.
The module supports two types of zones:
- Self—traffic that is destined to any IP address that is configured on the TMS zl Module itself
- Access control—traffic that passes between locations on the network or from an outside network to the internal network
Self Zone
The Self zone allows you to control sessions that originate or terminate on the
TMS zl Module itself. It contains all of the module’s IP addresses on the TMS
VLANs.
Addresses to which destination NAT is applied are also part of the Self zone.
In other words, when the TMS zl Module applies destination NAT to traffic,
the pre-NAT traffic may be destined to an address that exists on the module
or to another address (which the module automatically configures itself to
respond to when you set up destination NAT). In either case, the traffic is
considered to be destined to the Self zone.
Traffic that originates in or is destined to the Self zone includes:
- Management traffic
- IKE traffic for establishing VPNs for which the TMS zl Module is the gateway
- Routing updates
- User authentication
- Traffic to which destination NAT will be applied
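The following Python model is an added example, not configuration or code from the guide. It classifies flows into zone pairs the way the Self zone description above reads, so you can see that a connection to a pre-NAT address lands in the Self zone even though the real server sits on another VLAN. The zone names, VLAN IDs, addresses and the "SELF" label are constructed assumptions.

```python
import ipaddress

# Constructed sample data (not from the guide): zone names, VLAN IDs and
# addresses below are assumptions chosen for illustration.
VLAN_ZONE = {10: "INTERNAL", 20: "EXTERNAL"}            # TMS VLAN -> zone
VLAN_SUBNET = {10: ipaddress.ip_network("10.1.10.0/24"),
               20: ipaddress.ip_network("192.0.2.0/24")}
MODULE_IPS = {ipaddress.ip_address(a) for a in ("10.1.10.1", "192.0.2.1")}
# Destination NAT: pre-NAT address -> real server address.
DEST_NAT = {ipaddress.ip_address("192.0.2.80"): ipaddress.ip_address("10.1.10.80")}


def source_zone(ingress_vlan, src):
    """Self if the module originated the packet, else the ingress VLAN's zone."""
    if ipaddress.ip_address(src) in MODULE_IPS:
        return "SELF"
    return VLAN_ZONE.get(ingress_vlan)


def destination_zone(dst):
    """Self for module addresses and pre-NAT addresses, else the VLAN's zone."""
    addr = ipaddress.ip_address(dst)
    if addr in MODULE_IPS or addr in DEST_NAT:
        return "SELF"
    for vlan, subnet in VLAN_SUBNET.items():
        if addr in subnet:
            return VLAN_ZONE[vlan]
    return None  # no matching TMS VLAN in this simplified model


def classify(ingress_vlan, src, dst):
    """Return the (source zone, destination zone) pair for one flow."""
    return source_zone(ingress_vlan, src), destination_zone(dst)


if __name__ == "__main__":
    flows = [  # constructed flows: (ingress VLAN, source, destination)
        (20, "198.51.100.7", "192.0.2.1"),    # management to the module
        (20, "198.51.100.7", "192.0.2.80"),   # pre-NAT address of a server
        (10, "10.1.10.25", "192.0.2.200"),    # routed through the module
        (None, "10.1.10.1", "10.1.10.25"),    # originated by the module
    ]
    for vlan, src, dst in flows:
        print(f"{src} -> {dst}: {classify(vlan, src, dst)}")
```

When reviewing a rule set against this model, check flows to destination NAT addresses against the Self zone pair rather than the zone of the real server.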