TMS zl Management and Configuration Guide ST.1.2.100916
1-22
Overview
Deployment Options for Routing Mode—Threat Protection
should also verify that DHCP scopes or pools on your network’s DHCP
servers include the TMS zl Module’s IP addresses as the default gateways
for endpoints on those TMS VLANs.
The TMS zl Module in Figure 1-8 has the following IP addresses on its
TMS VLANs, which are also the default gateway addresses for those
VLANs:
• VLAN20—10.1.20.99
• VLAN30—10.1.30.99
• VLAN40—10.1.40.99
• VLAN50—10.1.50.99
See “Zones” on page 1-12 for an overview of zones and “Plan the Zones”
in Chapter 2: “Initial Setup in Routing Mode” for detailed instructions.
12. Configure dynamic or static routing.
You should have already created a default route for external traffic (see
step 10). You can now configure other routes. Instead of creating static
routes, you can configure dynamic routing.
See page 1-67: “Routing” for an overview and Chapter 9: “Routing” for
detailed instructions.
13. Configure the TMS zl Module’s firewall.
To control internal traffic, create access policies that specify internal
zones as the source and destination zones. To allow users to reach the
Internet or other external networks, create access policies for which the
destination zone is External (or whichever zone contains the module’s
default gateway).
See “Access Policies” on page 1-43 for an overview of policies and
Chapter 4: “Firewall” for detailed instructions.
Note Depending on how you configure the access policies, the TMS zl Module
can provide perimeter protection as well as internal protection. See
“Deployment Tasks for Perimeter Threat Protection” on page 1-25. Or
other security devices can stand between the TMS zl Module and its
default gateway to provide perimeter protection.
14. Optionally, configure the TMS zl Module’s IPS.
See “IDS/IPS” on page 1-36 for an overview and Chapter 6: “Intrusion
Detection and Prevention” for detailed instructions.