TMS zl Management and Configuration Guide ST.1.1.100430
Overview
However, if you plan to create many different policies for different TMS
VLANs, it might be easier to associate the VLANs with different zones. For
example, you could associate VLANs in your private network with three
separate zones: Zone1, renamed Server, contains VLAN 10, which is for servers;
Employee zone (formerly Zone2) contains user VLANs 20 and 40, which
are for regular employees; and Guest zone contains user VLAN 30, which is
for guests.
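The following added example (not taken from the guide, and not TMS zl CLI syntax) models the Server/Employee/Guest zone layout above in Python to show why zone-level policies are easier to maintain than per-VLAN ones. The rule set, service names, first-match ordering, and deny-by-default behavior are assumptions of this model.

```python
# Conceptual model only: not TMS zl CLI syntax or the module's own logic.
# Zone membership comes from the example in the text; the rules are constructed.
ZONES = {"Server": {10}, "Employee": {20, 40}, "Guest": {30}}

# (source zone, destination zone, service, action); first match wins (assumption).
RULES = [
    ("Employee", "Server", "https", "permit"),
    ("Employee", "Server", "smb", "permit"),
    ("Guest", "Server", "any", "deny"),
]

def build_vlan_index(zones):
    """Map each VLAN to its zone, rejecting a VLAN listed in two zones."""
    index = {}
    for zone, vlans in zones.items():
        for vlan in vlans:
            if vlan in index:
                raise ValueError(f"VLAN {vlan} is in both {index[vlan]} and {zone}")
            index[vlan] = zone
    return index

def evaluate(src_vlan, dst_vlan, service, zones=ZONES, rules=RULES):
    """Return the action for a flow; unmatched or unzoned traffic is denied."""
    index = build_vlan_index(zones)
    src, dst = index.get(src_vlan), index.get(dst_vlan)
    if src is None or dst is None:
        return "deny"  # VLAN not associated with any zone (model assumption)
    for r_src, r_dst, r_svc, action in rules:
        if (r_src, r_dst) == (src, dst) and r_svc in (service, "any"):
            return action
    return "deny"  # no rule matched (model assumption: deny by default)

def per_vlan_rule_count(zones=ZONES, rules=RULES):
    """Count the rules needed if each zone rule were written per VLAN pair."""
    return sum(len(zones[s]) * len(zones[d]) for s, d, _, _ in rules)

if __name__ == "__main__":
    for flow in [(20, 10, "https"), (40, 10, "smb"), (30, 10, "https"), (20, 30, "ssh")]:
        print(flow, "->", evaluate(*flow))
    print("zone rules:", len(RULES), "per-VLAN equivalent:", per_vlan_rule_count())
```

Because VLANs 20 and 40 share the Employee zone, both inherit the same rules without any per-VLAN duplication.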
Deployment Options for Routing Mode—Threat Protection
The TMS zl Module in routing mode can protect your network in many ways.
This section covers several use models for deploying the module in routing
mode. Each use model explains the reasons for selecting the deployment
option, the services that are provided by the TMS zl Module, and a list of tasks
that must be performed to deploy and configure the module.
Internal Threat Protection
The TMS zl Module in routing mode can protect your private network from
internal threats much as a traditional security device protects your network
from external threats. You would select this use model if you have less-trusted
users inside your network perimeter or if you want to control how your
internal users access and use your network.
Internal Threat Protection Overview
In routing mode, the TMS zl Module provides two primary means of threat
protection:
■ IPS
■ Firewall
The IPS blocks known DoS attacks, exploits, worms, viruses, and other
threats. The firewall both blocks DoS attacks and provides access control,
which means that the firewall enforces policies that control which endpoints
access which network resources. The firewall might deny traffic from one
endpoint while permitting it from another endpoint. In addition to controlling
which resources individual users can access, the TMS zl Module’s firewall can