TMS zl Module Installation and Getting Started Guide 2010-03

Getting Started
Initial Configuration
hostswitch(tms-module-C:config)# vlan <vlan ID> zone <firewall zone>
Remember: if you want the host switch to have an IP address on that VLAN,
include the allow-switch-ip option.
hostswitch(tms-module-C:config)# vlan <vlan ID> zone <firewall zone> allow-switch-ip
b. Assign the module an IP address on the subnet that is associated with
that VLAN.
hostswitch(tms-module-C:config)# vlan <vlan ID> ip address <ip address> <subnet mask>
9. Define a default gateway:
hostswitch(tms-module-C:config)# ip route 0.0.0.0/0 <next-hop address>
10. Ping the default gateway to verify connectivity.
If the default gateway is in the management-access zone that you defined,
complete Step 10a.
If the default gateway is not in the management-access zone that you defined,
complete Step 10b.
a. Since the default gateway’s zone is a management-access zone, the
TMS zl module automatically created a firewall access policy that
allows ICMP echo packets between the Self zone (the module) and
that zone. You can simply ping the default gateway.
hostswitch(tms-module-C:config)# ping <default gateway>
b. Since the default gateway is not in a management-access zone, the
TMS zl module will block ICMP echo packets between the Self zone
and the gateway’s zone until you create an access policy to allow this
traffic.
hostswitch(tms-module-C:config)# access-policy self <destination zone> permit icmp echo <source address> <destination address>
For a complete list of all options available for the access-policy command,
refer to the Threat Management Services zl Module Management and
Configuration Guide.
11. Save the configuration on the TMS zl module:
hostswitch(tms-module-C:config)# write memory