TMS zl Management and Configuration Guide ST.1.1.100430
1-48
Overview
Firewall
Within these policies, the module starts with the policy that has the highest position (lowest numerical value). For example, it will match a packet against Internal-to-External access policy 1 before it matches it to Internal-to-External access policy 2. The module takes the action that is specified in the first policy that the packet matches. It then stops processing policies.
If the packet never matches a policy, the module drops it. In other words, the TMS zl Module denies all traffic that is not explicitly permitted. Any traffic that you want to permit requires an explicit access policy. (However, certain traffic, such as routing protocols, is allowed by default.)
Caution Because the module has an implicit policy that denies all traffic, you should not configure an explicit policy to do so. Such a policy can prevent ALGs from opening dynamic ports and interfere with the functioning of certain applications.
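The following is an added simulation of the first-match, implicit-deny evaluation described above; it is not code from the TMS zl Module or this guide. The policy set, addresses, zone pair and the `shadowed_by_deny_all` check are constructed to show why an explicit deny-all policy makes every later policy unreachable.

```python
# Added example: first-match, implicit-deny access-policy evaluation.
# Policies, addresses and services below are constructed for illustration.
import ipaddress
from dataclasses import dataclass

@dataclass
class AccessPolicy:
    position: int   # lower value = higher position = evaluated earlier
    action: str     # "permit" or "deny"
    src: str        # source network, CIDR notation
    dst: str        # destination network, CIDR notation
    service: str    # e.g. "tcp/443", or "any"

    def matches(self, src_ip, dst_ip, service):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.service in ("any", service))

def evaluate(policies, src_ip, dst_ip, service):
    """Return (action, position) of the first policy that matches, scanning
    in position order, or ("deny", None) for the implicit deny."""
    for policy in sorted(policies, key=lambda p: p.position):
        if policy.matches(src_ip, dst_ip, service):
            return policy.action, policy.position
    return "deny", None

def shadowed_by_deny_all(policies):
    """Positions of policies that can never match because an earlier policy
    explicitly denies all traffic (the situation the Caution warns about)."""
    ordered = sorted(policies, key=lambda p: p.position)
    for i, p in enumerate(ordered):
        if (p.action == "deny" and p.service == "any"
                and p.src == "0.0.0.0/0" and p.dst == "0.0.0.0/0"):
            return [q.position for q in ordered[i + 1:]]
    return []

# Constructed Internal-to-External policy set (listed out of order on purpose).
INTERNAL_TO_EXTERNAL = [
    AccessPolicy(2, "permit", "10.1.1.0/24", "0.0.0.0/0", "tcp/443"),
    AccessPolicy(1, "deny", "10.1.1.50/32", "0.0.0.0/0", "any"),
    AccessPolicy(3, "permit", "10.1.1.0/24", "0.0.0.0/0", "tcp/80"),
]

# Same set with an explicit deny-all at position 4 and a later permit at 5;
# the permit at position 5 can never be reached.
WITH_DENY_ALL = INTERNAL_TO_EXTERNAL + [
    AccessPolicy(4, "deny", "0.0.0.0/0", "0.0.0.0/0", "any"),
    AccessPolicy(5, "permit", "10.1.1.0/24", "0.0.0.0/0", "tcp/21"),
]
```

Policy 1 wins for host 10.1.1.50 even though policy 2 would also match it, and a service with no matching policy falls through to the implicit deny.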
Connection Reservations
When you set a connection reservation, you ensure that a particular IP address or range of addresses has connectivity regardless of how much traffic is passing through the TMS zl Module.
Connection reservations can be for outbound connections to a zone, in which case they reserve connections for specific source addresses to any destination in that zone. For example, in Figure 1-11, 10 connections to any address in the DMZ zone have been reserved for each address in the 10.1.1.11 to 10.1.1.60 range.