TMS zl Module Planning and Implementation Guide 2009-08
Table Of Contents
- Contents
- Glossary of Acronyms and Abbreviations
- 1.0 Purpose
- 2.0 Intended Audience
- 3.0 Objectives
- 4.0 Prerequisites
- 5.0 Skills
- 6.0 The HP ProCurve Threat Management Services zl Module
- 7.0 Common TMS Security Control Points
- 8.0 Deployment Considerations
- 9.0 Installation and Preparation of the TMS zl Module
- 10.0 Configuration of the TMS zl Module
- 11.0 Using multiple HP ProCurve Threat Management Services zl Modules
- Appendix A – Additional References
- Appendix B – Sample Company Information Assets Spreadsheet
- Sample “Information Assets” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “Server Network Details” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “TMS Zones” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “Firewall Rules” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- /Sample “Company Information Assets” Microsoft Excel 2003 spreadsheet
- Appendix C – Information Gathering Tools
- Appendix D - Updating Switch Software
- Appendix E – Emergency Recovery Process
Page 67
Here is the diagram that represents what we just configured. Our TMS zl Module’s port
D1 became a tagged member of VLAN 2. The 5406zl port B1 is an untagged member of
VLAN 2 and connected to an external Ethernet device.
Note: Port D2 is used for High Availability and is not discussed in this section.
Figure 18
From the PC in the switch management VLAN, VLAN 2, we open up a web browser
with this address: https://192.168.0.254 and we immediately see a “Security Alert”
dialog. The alert explains that (1) the CA that issued the certificate is currently not
trusted, and (2) the name on the certificate is not matching the name of the site. Let’s
click OK and proceed with the connection.
Note: If you click click View Certificate, you will see that this certificate was
issued by the HP ProCurve CA and some details about it. Unfortunately, at the
present time, there is no way to update this certificate to something more specific
to the customer’s environment. For additional discussion, see the “Accessing the
Web Browser Interface” section of the HP ProCurve Threat Management
Services zl Module Management and Configuration Guide.