TMS zl Module Planning and Implementation Guide 2009-08

In addition to the tunnels that provide secure access for administrators of
sensitive information processing hosts, as previously shown in Figure 9: Data
Center Security Control Point Internal VPN, the tunnels from the remote
sensitive information enclaves back to the data center can also be joined into
this protected network.
See Chapter 7, “Virtual Private Networks,” of the HP ProCurve Threat
Management Services zl Module Management and Configuration Guide for
detailed information on how to configure IKE policies, IPsec proposals, IPsec
policies, L2TP over IPsec, GRE tunnels, and the firewall policies needed to
let the various VPN tunnel permutations pass through.
Note: In some of the above TMS zl Module use cases, a Network Address
Translation (NAT) configuration may also need to be included in the
firewall configuration to properly pass traffic. This would very often be
the case for the Perimeter design presented earlier. For more information
on this topic, see Chapter 5, “Network Address Translation,” of the HP
ProCurve Threat Management Services zl Module Management and
Configuration Guide. In addition, Section 10 of this document contains a
couple of simple examples using NAT with screenshots of the
configuration screens.