TMS zl Module Planning and Implementation Guide 2009-08
Table Of Contents
- Contents
- Glossary of Acronyms and Abbreviations
- 1.0 Purpose
- 2.0 Intended Audience
- 3.0 Objectives
- 4.0 Prerequisites
- 5.0 Skills
- 6.0 The HP ProCurve Threat Management Services zl Module
- 7.0 Common TMS Security Control Points
- 8.0 Deployment Considerations
- 9.0 Installation and Preparation of the TMS zl Module
- 10.0 Configuration of the TMS zl Module
- 11.0 Using multiple HP ProCurve Threat Management Services zl Modules
- Appendix A – Additional References
- Appendix B – Sample Company Information Assets Spreadsheet
- Sample “Information Assets” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “Server Network Details” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “TMS Zones” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “Firewall Rules” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- /Sample “Company Information Assets” Microsoft Excel 2003 spreadsheet
- Appendix C – Information Gathering Tools
- Appendix D - Updating Switch Software
- Appendix E – Emergency Recovery Process
Page 13
o Time of day—the start and end times within the day
For example, rather than manually specify the IP address of your Web server in multiple
policies, you can create an object named WebServer with the Web server’s IP address.
You can then specify the WebServer object every time that you create a policy for
controlling access to the Web server. If the IP address of the Web server changes you
can edit the address object, and the change will propagate through all of the policies that
include the object.
NAT policies support only single-entry address objects and service objects. The IPsec
policy traffic selector supports only single-entry address objects. The following table
provides the complete information about how you can use each type of object.
Object Type Firewall NAT Port
VPN
Single-Entry
IP X X X X
Range X X X
Network X X X
Single-port service X X X
Port-range service X X
IANA IP protocol X X
Schedule X
Multiple-Entry
IP X
Range X
Network X
Domain name X
Address groups X
Service groups X X
Table 2: Named Objects and Their Uses