TMS zl Management and Configuration Guide ST.1.2.100916
Initial Setup in Routing Mode
When operating in this mode, the TMS zl Module has an IP address for each
TMS VLAN, and endpoints in those VLANs use the TMS zl Module as their
default gateway. In some TMS VLANs (such as those in the External zone),
other routers might exist. These routers route traffic to the other TMS VLANs
through the module.
In short, the TMS zl Module handles all traffic that is routed in and out of TMS
VLANs, applying the routing mode security features as it does. For more
information, see “Routing Mode” on page 1-7 of Chapter 1: “Overview.”
Deploying the TMS zl Module
This section includes guidelines for deploying your TMS zl Module:
■ Selecting the deployment location
■ Planning zones
■ Readying the host switch
Select the Deployment Location
The TMS zl Module can be deployed so as to provide perimeter protection,
internal protection, or both. The sections below illustrate these deployments.
After you have selected the host HP 5400zl or 8400zl Series switch, install the
module. Consult the HP Switch zl Module Installation Guide or “Hardware
Overview” in Chapter 1: “Overview” for information on how to properly install
the module in the switch chassis.
Perimeter Protection
The TMS zl Module in routing mode can be deployed at the perimeter to
control traffic that is routed to and from the external network, such as the
Internet or a remote office. Some of the key reasons to deploy the TMS zl
Module in routing mode at the perimeter are to:
■ Enforce firewall policies for traffic that is routed to the public-facing DMZ
server and to the corporate intranet
■ Perform NAT on connections to and from the Internet
■ Detect and block attacks from the Internet