TMS zl Management and Configuration Guide ST.1.2.100916

Initial Setup in Routing Mode
Deploying the TMS zl Module
Understanding TMS VLANs and Zones
The module supports two types of zones:

• Self—The Self zone is a special zone inside the TMS zl Module that
  contains the module's TMS VLAN IP addresses and addresses associated
  with destination NAT policies. All traffic that originates from the TMS zl
  Module comes from the Self zone. You cannot associate VLANs with the
  Self zone.
• Access control
    - Internal—Zone on the internal network (you can rename this zone)
    - Zone1 through Zone6—Optional, user-defined zones (you can
      rename any of these zones)
    - DMZ—Demilitarized zone, located logically between Internal and
      External (you can rename this zone)
    - External—Outside of the internal network, such as the Internet or
      another untrusted network

A VLAN can be associated with only one zone at a time. You can associate a
VLAN with any of the access control zones. However, you should assign the
VLAN with your Internet connection to the External zone because there are some
protections, such as the firewall's sequence number prediction attack check,
that apply only to the External zone.
After you associate a VLAN with a zone, it is called a TMS VLAN. You can
create up to 256 VLAN associations.
As described earlier, the TMS zl Module requires an IP address on each TMS
VLAN; it will act as a router for the VLAN and filter all traffic that passes in
and out of it. Therefore, while you plan the zones, you should also plan the
module’s IP addresses.
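
The rules above can be checked against a zone plan before any VLAN is associated. The following is an added example, not part of the guide or the module's software; the plan format, the `internet` flag, and the requirement that the module's address be a usable host address inside the VLAN's subnet are assumptions, and the sample plan is constructed.

```python
import ipaddress

# Default zone names from the guide (all but Self can be renamed on the module).
ACCESS_ZONES = {"Internal", "External", "DMZ"} | {f"Zone{i}" for i in range(1, 7)}
MAX_ASSOCIATIONS = 256  # limit on VLAN associations stated in the guide

def check_zone_plan(plan):
    """Return the problems found in a planned VLAN-to-zone layout.

    Each entry is a dict with vlan, zone, subnet, module_ip and an optional
    internet flag (a planning format assumed for this example).
    """
    problems = []
    if len(plan) > MAX_ASSOCIATIONS:
        problems.append(f"{len(plan)} associations exceed the limit of {MAX_ASSOCIATIONS}")
    zone_of = {}
    for entry in plan:
        vlan, zone = entry["vlan"], entry["zone"]
        if zone == "Self":
            problems.append(f"VLAN {vlan}: cannot be associated with the Self zone")
        elif zone not in ACCESS_ZONES:
            problems.append(f"VLAN {vlan}: unknown zone {zone!r}")
        if vlan in zone_of:
            problems.append(f"VLAN {vlan}: already in {zone_of[vlan]}, one zone per VLAN")
        zone_of.setdefault(vlan, zone)
        if entry.get("internet") and zone != "External":
            problems.append(f"VLAN {vlan}: Internet-facing VLAN belongs in External")
        # Assumption: the module's address must be a usable host in the subnet.
        net = ipaddress.ip_network(entry["subnet"])
        if not entry.get("module_ip"):
            problems.append(f"VLAN {vlan}: no module IP address planned")
        else:
            ip = ipaddress.ip_address(entry["module_ip"])
            if ip not in net or ip in (net.network_address, net.broadcast_address):
                problems.append(f"VLAN {vlan}: module IP {ip} is not a host in {net}")
    return problems

# Constructed sample plan: the first two entries are valid, the rest are not.
PLAN = [
    {"vlan": 10, "zone": "Internal", "subnet": "10.1.10.0/24", "module_ip": "10.1.10.1"},
    {"vlan": 20, "zone": "DMZ", "subnet": "10.1.20.0/24", "module_ip": "10.1.20.1"},
    {"vlan": 99, "zone": "Internal", "subnet": "192.0.2.0/30",
     "module_ip": "192.0.2.1", "internet": True},
    {"vlan": 30, "zone": "Self", "subnet": "10.1.30.0/24", "module_ip": "10.1.30.1"},
    {"vlan": 20, "zone": "Zone1", "subnet": "10.1.20.0/24", "module_ip": "10.1.21.1"},
]

if __name__ == "__main__":
    for problem in check_zone_plan(PLAN):
        print(problem)
```

If zones have been renamed, replace the names in `ACCESS_ZONES` with the names in use.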