TMS zl Module Planning and Implementation Guide 2009-08
Table Of Contents
- Contents
- Glossary of Acronyms and Abbreviations
- 1.0 Purpose
- 2.0 Intended Audience
- 3.0 Objectives
- 4.0 Prerequisites
- 5.0 Skills
- 6.0 The HP ProCurve Threat Management Services zl Module
- 7.0 Common TMS Security Control Points
- 8.0 Deployment Considerations
- 9.0 Installation and Preparation of the TMS zl Module
- 10.0 Configuration of the TMS zl Module
- 11.0 Using multiple HP ProCurve Threat Management Services zl Modules
- Appendix A – Additional References
- Appendix B – Sample Company Information Assets Spreadsheet
- Sample “Information Assets” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “Server Network Details” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “TMS Zones” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “Firewall Rules” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- Sample “Company Information Assets” Microsoft Excel 2003 spreadsheet
- Appendix C – Information Gathering Tools
- Appendix D - Updating Switch Software
- Appendix E – Emergency Recovery Process

this implementation. The Firewall Rules tab of the “Company Information Assets”
spreadsheet in Appendix B can be used as a reference and to capture the requirements for
each rule. Every cell should be completed for all columns for each Information Asset
including the appropriate TMS Zone identified earlier in this section. Again, on
completion of this step, make sure to review these rules with the customer IT staff for
confirmation of accuracy and completeness. You may also include a signature from the
customer at the bottom of the firewall rules page as part of the review process with the IT
staff to reinforce their ownership of this process.

For additional information on the TMS zl Module firewall features, see Chapter 4,
“Firewall,” of the HP ProCurve Threat Management Services zl Module Management
and Configuration Guide. This provides detailed information on how to configure
firewall policy rules to restrict traffic to only that explicitly permitted by the enterprise’s
written security policy.

Depending on the specific network design, NAT configuration may also need to be
included in the firewall configuration to properly pass traffic. See Chapter 5, “Network
Address Translation,” of the HP ProCurve Threat Management Services zl Module
Management and Configuration Guide for more details on configuring NAT policy rules.
These policies control the conditions under which source IP address, destination IP
address and/or destination TCP/UDP port will be translated or excluded from translation.
An example would be the translation of a private, non-routable RFC 1918 IP address for
a web server in the DMZ security zone into a public, routable IP address so that it may be
accessed, with appropriate firewall and other security controls, by Internet users. In
addition, Section 10 of this document contains a couple of simple examples using NAT
with screenshots of the configuration screens.

We are now ready to move on to Section 9: Installation and Preparation of the TMS zl
Module to have our module installed in the switch. Then, in Section 10: Configuration of
the TMS zl Module, we go through the configuration steps for some design scenarios.
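
The worksheet review described in this section (every cell completed for each rule, and NAT planned for privately addressed servers that Internet users must reach) can be pre-checked before the customer sign-off. The following is an added example, not part of the original guide or of any HP tool; the CSV column names, zone names and sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# RFC 1918 private ranges (not routable on the Internet).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of a "Firewall Rules" tab exported as CSV.
# Column and zone names are assumptions; the real spreadsheet may differ.
SAMPLE_CSV = """asset,tms_zone,src_zone,dst_ip,dst_port,protocol,action,nat_public_ip
Public web server,DMZ,EXTERNAL,192.168.10.20,443,tcp,permit,203.0.113.20
Mail relay,DMZ,EXTERNAL,172.16.5.25,25,tcp,permit,
HR database,INTERNAL,INTERNAL,10.1.2.30,1433,tcp,permit,
Intranet wiki,,INTERNAL,10.1.2.40,80,tcp,permit,
"""

REQUIRED = ("asset", "tms_zone", "src_zone", "dst_ip", "dst_port", "protocol", "action")

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def review_rules(csv_text, internet_zone="EXTERNAL"):
    """Return (row_number, asset, finding) tuples for rows needing follow-up."""
    findings = []
    for n, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        asset = row.get("asset") or "<unnamed>"
        missing = [c for c in REQUIRED if not (row.get(c) or "").strip()]
        if missing:
            findings.append((n, asset, "incomplete cells: " + ", ".join(missing)))
        dst = (row.get("dst_ip") or "").strip()
        if not dst:
            continue
        try:
            private = is_rfc1918(dst)
        except ValueError:
            findings.append((n, asset, "dst_ip is not a valid IP address"))
            continue
        from_internet = (row.get("src_zone") or "").strip().upper() == internet_zone
        permitted = (row.get("action") or "").strip().lower() == "permit"
        if private and from_internet and permitted and not (row.get("nat_public_ip") or "").strip():
            findings.append((n, asset, "Internet-reachable RFC 1918 address has no NAT public IP recorded"))
    return findings

if __name__ == "__main__":
    for n, asset, finding in review_rules(SAMPLE_CSV):
        print(f"row {n}: {asset}: {finding}")
```

Row numbers in the findings match spreadsheet rows, with the header as row 1.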