TMS zl Module Planning and Implementation Guide 2009-08
Table Of Contents
- Contents
- Glossary of Acronyms and Abbreviations
- 1.0 Purpose
- 2.0 Intended Audience
- 3.0 Objectives
- 4.0 Prerequisites
- 5.0 Skills
- 6.0 The HP ProCurve Threat Management Services zl Module
- 7.0 Common TMS Security Control Points
- 8.0 Deployment Considerations
- 9.0 Installation and Preparation of the TMS zl Module
- 10.0 Configuration of the TMS zl Module
- 11.0 Using multiple HP ProCurve Threat Management Services zl Modules
- Appendix A – Additional References
- Appendix B – Sample Company Information Assets Spreadsheet
- Sample “Information Assets” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “Server Network Details” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “TMS Zones” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “Firewall Rules” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- /Sample “Company Information Assets” Microsoft Excel 2003 spreadsheet
- Appendix C – Information Gathering Tools
- Appendix D - Updating Switch Software
- Appendix E – Emergency Recovery Process
Page 89
10.5.3 Internet Access for Windows Update
Internet access using a private address requires an additional step – Network Address
Translation, or NAT. Let’s detail this configuration by allowing our clients to access
Windows Update.
As a refresher, here is another look at our network diagram. Our web clients are on the
10.0.0/24 subnet, which is not publicly routable.
Figure 23
We need to translate those private IP addresses to a public IP address that is on VLAN 5.
Let’s setup a NAT policy. We are setting up a NAT translation for any service, any
source IP address, to any destination IP address where the source IP address will be
changed to the Routed VLAN IP address (VLAN 5’s IP address in this example).