Manualshelf

TMS zl Management and Configuration Guide ST.1.2.100916

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
81828384858687888990
1-47
Overview
Firewall
You can do so by forcing the MSS for the connection to be small enough that
any additional headers added by the TMS zl Module do not cause the frame to
exceed the MTU.
Rate Limiting. Instead of simply permitting or denying all traffic that
matches an access policy, the TMS zl Module can control the traffic in a more
nuanced way. It can limit the number of sessions and the amount of bandwidth
devoted to the permitted traffic. For example, you can limit the bandwidth for
traffic that is sent to the Internet by users in a TMS VLAN that guests use.
Rate limiting is supported for unicast policies but not for multicast policies.
Rate-limiting settings are configured as advanced settings in access policies.
They include the following parameters for traffic that matches the policy:
Maximum connections—the total number of connections that can be
initiated
Connection creation rate—the number of connections that can be
initiated within a certain time period
Packet rate—the total number of packets that are allowed within a
certain time period (other packets are dropped)
Maximum bandwidth—the amount of bandwidth that can be devoted to
the session (traffic that exceeds the allowed bandwidth is dropped)
For example, you can configure access policies such as these:
A policy that controls the total number of connections to your internal
HTTP server
Create an access policy that permits access to the HTTP server. Configure
the maximum connections settings.
A policy that restricts the amount of bandwidth that is used by employees
downloading files from Internet FTP servers
Create an access policy that specifies FTP for the service. Configure the
maximum bandwidth setting.
Processing Access Policies
The TMS zl Module matches a packet to every access policy that:
Is the correct type (unicast or multicast)
Applies to the user group of the packet’s source IP address (or, if the
packet has no group, to the None user group)
Specifies the packet’s source and destination zone