TMS zl Management and Configuration Guide ST.1.1.100430

1-45
Overview
Firewall
Access Policy Settings
In particular, an access policy includes these settings:
Permit (forward) or deny (drop) matching traffic
Source zone and destination zone
Header values against which the packet is matched:
Service (protocol or protocol and destination port)
Source IP address or source DNS name
The TMS zl Module can resolve the IP address for a DNS name and
match the policy to packets with that source address. (Make sure that
the module is configured with a valid DNS server IP address.)
Caution When the TMS zl Module evaluates a firewall access policy that
contains a domain name that cannot be resolved, it terminates evaluation
and denies the session. As a result of this safeguard, a DNS failure can
deny traffic that would otherwise be allowed by subsequent policies. A
best practice is to place policies that use domain names as near to the
end of the policy list as possible in order to mitigate the impact of
DNS failures.
Source port
Destination IP address or destination DNS name
The TMS zl Module can resolve the IP address for a DNS name and
match the policy to packets with that destination address. Again, if
the domain name cannot be resolved, the module immediately drops
the packet.
Whether IPS is enabled for sessions established with this policy
Whether logging is enabled for traffic that matches this policy
Optional: A schedule to control when the policy applies
Optional: The maximum segment size (MSS) for TCP packets
Optional: Rate-limiting settings for sessions that are established with this policy
For more information on the optional settings, see the sections below.
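The following is an added example, not code from the guide or from the TMS zl Module itself, that models first-match evaluation of the access-policy settings listed above (zones, service, source/destination as IP or DNS name, and an optional schedule) and the caution about unresolvable domain names. The RESOLVER table, the Policy and Schedule classes, the sample policies and the sample packet are all constructed assumptions; in particular it assumes that zone, service and schedule are compared before any DNS lookup is attempted, which the guide does not state. The ordering demo shows why the caution recommends placing name-based policies near the end of the list: the same two policies permit the session in one order and deny it in the other when the name cannot be resolved.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed stand-in for the module's DNS lookup: only the names listed here
# resolve; any other DNS name is treated as unresolvable.
RESOLVER = {"updates.example.com": "203.0.113.10"}


@dataclass
class Schedule:
    days: frozenset          # abbreviated day names, e.g. {"Mon", "Tue"}
    start: time
    end: time

    def active(self, when: datetime) -> bool:
        return when.strftime("%a") in self.days and self.start <= when.time() <= self.end


@dataclass
class Policy:
    name: str
    action: str              # "permit" or "deny"
    src_zone: str
    dst_zone: str
    service: str             # "any" or protocol/port such as "tcp/443"
    source: str = "any"      # "any", an IP/CIDR, or a DNS name
    destination: str = "any"
    schedule: Optional[Schedule] = None


def resolve(endpoint: str) -> Optional[str]:
    """Return an address/CIDR string, or None when a DNS name cannot be resolved."""
    if endpoint == "any":
        return endpoint
    try:
        ip_network(endpoint, strict=False)   # already an address or prefix
        return endpoint
    except ValueError:
        return RESOLVER.get(endpoint)        # DNS name: look it up (may be None)


def addr_matches(spec: str, addr: str) -> bool:
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)


def evaluate(policies, pkt: dict, when: datetime):
    """First-match evaluation. pkt has src_zone, dst_zone, service, src, dst.

    Assumption (not stated by the guide): zone, service and schedule are checked
    before any name lookup, so only a policy that is actually being evaluated
    can trigger the documented safeguard (unresolvable name -> evaluation
    stops, session denied, regardless of later policies).
    """
    for p in policies:
        if (p.src_zone, p.dst_zone) != (pkt["src_zone"], pkt["dst_zone"]):
            continue
        if p.service not in ("any", pkt["service"]):
            continue
        if p.schedule is not None and not p.schedule.active(when):
            continue
        src, dst = resolve(p.source), resolve(p.destination)
        if src is None or dst is None:
            return "deny", f"{p.name}: unresolvable name, evaluation terminated"
        if addr_matches(src, pkt["src"]) and addr_matches(dst, pkt["dst"]):
            return p.action, p.name
    return "deny", "no matching policy"


BUSINESS_HOURS = Schedule(frozenset({"Mon", "Tue", "Wed", "Thu", "Fri"}),
                          time(8, 0), time(17, 0))

# Constructed policies: one deny keyed on a DNS name the resolver cannot look
# up, and one scheduled permit for outbound HTTPS from the internal prefix.
BLOCK_BY_NAME = Policy("block-by-name", "deny", "internal", "external", "any",
                       destination="blocked.example.net")
WEB_OUT = Policy("web-out", "permit", "internal", "external", "tcp/443",
                 source="10.0.0.0/8", schedule=BUSINESS_HOURS)

# Constructed packet: an internal host opening HTTPS to an outside address.
HTTPS_PKT = {"src_zone": "internal", "dst_zone": "external", "service": "tcp/443",
             "src": "10.0.0.5", "dst": "198.51.100.20"}


def ordering_demo():
    """Same two policies, name-based policy first vs last, during business hours."""
    monday_10am = datetime(2024, 6, 17, 10, 0)       # a Monday
    return {
        "name_policy_first": evaluate([BLOCK_BY_NAME, WEB_OUT], HTTPS_PKT, monday_10am)[0],
        "name_policy_last": evaluate([WEB_OUT, BLOCK_BY_NAME], HTTPS_PKT, monday_10am)[0],
    }


def schedule_demo():
    """The permit applies only inside its schedule; outside it the traffic falls through."""
    saturday_10am = datetime(2024, 6, 15, 10, 0)     # a Saturday
    return evaluate([WEB_OUT], HTTPS_PKT, saturday_10am)


if __name__ == "__main__":
    print(ordering_demo())   # {'name_policy_first': 'deny', 'name_policy_last': 'permit'}
    print(schedule_demo())   # ('deny', 'no matching policy')
```

With the name-based policy first, the unresolvable name stops evaluation and the HTTPS session is dropped even though a later policy would permit it; moving that policy to the end lets the permit match first, which is the behaviour the caution above is steering you towards. The schedule demo shows the other optional setting in the list: outside the schedule the permit is simply skipped and the session falls through to the implicit deny.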
Schedules. When you create an access policy, you can create and select a
schedule object for it. A schedule object includes these settings:
Days of the week
A time period—for example, 08:00 to 17:00