TMS zl Management and Configuration Guide ST.1.1.100430

Overview
Deployment Options for Routing Mode—Threat Protection
control how users access the resources—for example, how much bandwidth
is devoted to particular types of traffic or even when certain resources are
accessed.
According to your needs, you can enable either the IPS or the firewall or both.

Internal VPN. You might implement a client-to-site VPN within the internal
network when you have resources that require particularly strong protection.
Configure IPsec policies on the TMS zl Module to require encryption for all
traffic destined to or from these resources. Then configure VPN clients on the
high-security resources and the endpoints allowed to access those resources.
Alternatively, if you have another VPN gateway, you can install that gateway
in front of the high-security resources. Then configure a site-to-site VPN
between the TMS zl Module and that gateway.

Internal NAT. Traditionally, NAT translates IP addresses between two separate
networks. However, the TMS zl Module can implement NAT internally.
For example, you might want to conceal your company’s private IP addresses
from users in a guest VLAN, or you might need to merge two networks that
have similar addressing schemes.

Deployment Location for Internal Threat Protection

This section explains where to deploy a routing-mode TMS zl Module for
internal threat protection.

The TMS zl Module does not need to stand in-line between internal endpoints
and network resources because it receives network traffic by acting as the
router for that traffic. Typically, you would install the module in a core
ProCurve 5400zl or 8200zl switch.