TMS zl Module Planning and Implementation Guide 2009-08
Table Of Contents
- Contents
- Glossary of Acronyms and Abbreviations
- 1.0 Purpose
- 2.0 Intended Audience
- 3.0 Objectives
- 4.0 Prerequisites
- 5.0 Skills
- 6.0 The HP ProCurve Threat Management Services zl Module
- 7.0 Common TMS Security Control Points
- 8.0 Deployment Considerations
- 9.0 Installation and Preparation of the TMS zl Module
- 10.0 Configuration of the TMS zl Module
- 11.0 Using multiple HP ProCurve Threat Management Services zl Modules
- Appendix A – Additional References
- Appendix B – Sample Company Information Assets Spreadsheet
- Sample “Information Assets” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “Server Network Details” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “TMS Zones” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “Firewall Rules” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- /Sample “Company Information Assets” Microsoft Excel 2003 spreadsheet
- Appendix C – Information Gathering Tools
- Appendix D - Updating Switch Software
- Appendix E – Emergency Recovery Process
Page 140
System > Settings > High Availability Window
3. Select a Cluster Scheme. If you do not plan to configure HA at this
time, you should select None and configure the next section.
4. Under HA IP Configuration, for VLAN ID, type the ID number of the
VLAN that will manage HA traffic. The default HA management
VLAN is VLAN 1, but you should change the HA VLAN from the
default to prevent unwanted multicast traffic from occupying the
firewall’s resources.
Both cluster members must use the same HA VLAN, and different
clusters on the same subnet can also use the same HA VLAN or a
different HA VLAN.
5. Under HA IP Configuration, for IP Address and Subnet Mask, type
the IP address and subnet mask for HA management traffic. Each
cluster member must have a unique address on the HA VLAN.
6. Under Cluster Information, assign the device to a cluster by selecting
a Cluster ID from the list. Both members must have the same cluster
ID, and each cluster must use a unique ID number.
7. For Multicast IP, accept the default multicast IP address (224.0.0.18
for the HA data protocol) or, if you are already using this address on
your network for VRRP, type a new multicast IP address. Both
members must have the same multicast IP address.
8. Under Device Information, for Device ID, select a number to identify
the module within the cluster. Each member must have a unique device
ID.
9. For Device Priority, assign the device a priority in the cluster, with
255 as the highest priority and 1 as the lowest. The device with the
highest number will be selected as the master in the event that both
modules come online at the same time, such as when the host switch is
rebooted.
10. Click Apply My Changes.
11. Click Save. You will be warned that HA will not be enabled until the
module is rebooted.
12. Click OK. You are warned that the cluster scheme has been changed
and reminded to make this change on all members of the cluster.
13. Click OK.
14. Select System > Maintenance and click the Reboot tab. Click the
Reboot button and click Save & reboot at the prompt.