TMS zl Management and Configuration Guide ST.1.1.100430

1-23
Overview
Deployment Options for Routing Mode—Threat Protection
15. Optionally, configure NAT to translate addresses between TMS VLANs.
For example, you could follow these steps to configure NAT between TMS
VLANs in the Internal zone and a guest TMS VLAN in Zone2:
a. The guests have IP addresses in a private subnet that is not used in
the rest of the private network.
b. Configure a Zone2-to-Internal NAT policy that applies source NAT to
guest IP addresses.
c. Traffic from endpoints in Zone2 now has an IP address that is valid
for the Internal zone.
See “Network Address Translation (NAT)” on page 1-61 for an overview
and Chapter 5: “Network Address Translation” for detailed instructions.
16. Optionally, configure the TMS zl Module as a VPN gateway for
client-to-site or site-to-site VPNs.
See “Virtual Private Network (VPN)” on page 1-64 for an overview and
Chapter 7: “Virtual Private Networks” for detailed instructions.
17. Optionally, configure the TMS zl Module as a member of an HA cluster
with other TMS zl Modules.
See “HA Clusters” on page 1-70 for an overview and “Overview” in
Chapter 8: “High Availability” for detailed instructions.
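The NAT arrangement in step 15, modeled as an added Python example (it is not from the guide and is not TMS zl configuration syntax). It checks that the guest subnet is unused in the Internal zone, applies Zone2-to-Internal source NAT, and maps replies back; the subnets, the translated address and the use of port translation are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed addressing plan (assumption, not taken from the guide).
INTERNAL_SUBNETS = [ipaddress.ip_network("10.1.0.0/16"),
                    ipaddress.ip_network("10.2.10.0/24")]
GUEST_SUBNET = ipaddress.ip_network("192.168.50.0/24")
NAT_ADDRESS = ipaddress.ip_address("10.1.0.254")  # valid in the Internal zone


def overlapping(guest, internal_subnets):
    """Step a check: return internal subnets that collide with the guest subnet."""
    return [n for n in internal_subnets if n.overlaps(guest)]


@dataclass
class SourceNatPolicy:
    """Model of one zone-to-zone source NAT policy with port translation."""
    src_zone: str
    dst_zone: str
    match: ipaddress.IPv4Network
    translate_to: ipaddress.IPv4Address
    next_port: int = 20000
    forward: dict = field(default_factory=dict)  # (src_ip, src_port) -> nat_port
    reverse: dict = field(default_factory=dict)  # nat_port -> (src_ip, src_port)

    def outbound(self, src_zone, dst_zone, src_ip, src_port):
        """Translate the source; return it unchanged if the policy does not match."""
        ip = ipaddress.ip_address(src_ip)
        if (src_zone, dst_zone) != (self.src_zone, self.dst_zone) or ip not in self.match:
            return src_ip, src_port
        key = (src_ip, src_port)
        if key not in self.forward:  # first packet of a session: allocate a mapping
            self.forward[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return str(self.translate_to), self.forward[key]

    def inbound(self, dst_ip, dst_port):
        """Map a reply back to the guest; None means no session exists for it."""
        if ipaddress.ip_address(dst_ip) != self.translate_to:
            return None
        return self.reverse.get(dst_port)


def build_policy():
    """Refuse to build the policy when the guest subnet is reused internally."""
    if overlapping(GUEST_SUBNET, INTERNAL_SUBNETS):
        raise ValueError("guest subnet is already used in the Internal zone")
    return SourceNatPolicy("Zone2", "Internal", GUEST_SUBNET, NAT_ADDRESS)
```

Because replies are matched only against existing mappings, hosts in the Internal zone cannot open new sessions toward guest addresses through this policy.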
Perimeter Protection
You can deploy your TMS zl Module at the perimeter of your network to
protect the internal network from an external attack from the Internet or other
untrusted networks.
Perimeter Protection Overview
The TMS zl Module in routing mode provides two primary means of threat
protection at the perimeter:
• IPS
• Firewall
The IPS blocks known DoS attacks, exploits, worms, viruses, and other
threats. The firewall blocks DoS attacks and provides access control. For
example, you can close your network to external access except for traffic
destined to a select group of servers and applications. The firewall also allows
you to control the number of connections or the amount of bandwidth devoted