HP TMS zl J9156A Handleiding

HP Niet gecategoriseerd TMS zl J9156A

Lees hieronder de đź“– handleiding in het Nederlandse voor HP TMS zl J9156A (7 pagina's) in de categorie Niet gecategoriseerd. Deze handleiding was nuttig voor 59 personen en werd door 2 gebruikers gemiddeld met 4.5 sterren beoordeeld

Pagina 1/7
ModelsModelsModelsModels
HP Threat Management Services zl Module
J9155A
Key featuresKey featuresKey featuresKey features
Stateful firewall
Intrusion detection/prevention system (IDS/IPS)
Virtual private network (VPN)
zl Module form factor
Industry-leading warranty
Product overviewProduct overviewProduct overviewProduct overview
The HP Threat Management Services (TMS) zl Module is a multifunction security system for the HP E5400 zl and E8200 zl Swit
Series. It is comprised of a stateful firewall, an intrusion detection/prevention system (IDS/IPS), and a virtual private network (VPN
concentrator. It enables network administrators to compartmentalize department traffic, protect the network from malware, and
provide secure remote access and site-to-site connectivity.
Features and BenefitsFeatures and BenefitsFeatures and BenefitsFeatures and Benefits
Intrusion detection/prevention systemIntrusion detection/prevention systemIntrusion detection/prevention systemIntrusion detection/prevention system
(IDS/IPS)
Deep packet inspectionDeep packet inspectionDeep packet inspectionDeep packet inspection
: module supports deep packet inspection and examines the packet payload as well as the frame a
packet headers; packets are dropped if attacks or intrusions are detected using signature-based or protocol anomaly-based
detection
Severity-based action policiesSeverity-based action policiesSeverity-based action policiesSeverity-based action policies
: involve action taken against attacks based on their severity; available actions are "allow,"
"block," and "terminate connection" to provide appropriate mitigation
Signature update serviceSignature update serviceSignature update serviceSignature update service
: provides regular updates to the signature database, helping to ensure that the latest available
signatures are installed
Signature-based detectionSignature-based detectionSignature-based detectionSignature-based detection
: detects known attacks that have known attack patterns; the IPS maintains a signature database
that contains the pattern definitions for known attacks, and can be automatically updated using a subscription service
Protocol anomaly-based detectionProtocol anomaly-based detectionProtocol anomaly-based detectionProtocol anomaly-based detection
: detects anomalies in application protocol header using signatures
Data center protectionData center protectionData center protectionData center protection
Server protectionServer protectionServer protectionServer protection
: stateful firewall controls traffic to the data center; intrusion protection system (IPS) detects and blocks thre
such as worms and viruses to maintain service and application availability
CompartmentalizationCompartmentalizationCompartmentalizationCompartmentalization
Departmental protectionDepartmental protectionDepartmental protectionDepartmental protection
: allows organizations to define departmental security policies to protect local resources with a
stateful firewall and IPS while at the same time allowing high-performance access to common resources
VPN concentrationVPN concentrationVPN concentrationVPN concentration
Site-to-site connectivitySite-to-site connectivitySite-to-site connectivitySite-to-site connectivity
: IPSec-encrypted tunnels help ensure privacy between sites with optional Generic Routing
Encapsulation (GRE) tunneling, which is available for full deployment flexibility; intersite links can be deployed quickly and
controlled with tunnel policies
Secure remote accessSecure remote accessSecure remote accessSecure remote access
: can be delivered for remote users via securely authenticated IPSec tunnels
QuickSpecs
HP Threat Management Services zl ModuleHP Threat Management Services zl ModuleHP Threat Management Services zl ModuHP Threat Management Services zl Module
Overview
DA - 13376 Worldwide — Version 5 — October 26, 2011
Page 1
FirewallFirewallFirewallFirewall
Stateful firewallStateful firewallStateful firewallStateful firewall
: enforces firewall policies to control traffic and filter access to network services; maintains session informatio
for every connection passing through it, enabling the firewall to control packets based on existing sessions
Zone-based access policiesZone-based access policiesZone-based access policiesZone-based access policies
: logically groups virtual LANs (VLANs) into zones that share common security policies; allows
both unicast and multicast policy settings by zones instead of by individual VLANs
Application-level gatewayApplication-level gatewayApplication-level gatewayApplication-level gateway
(ALG): deep packet inspection in the firewall discovers the IP address and service port information
embedded in the application data; the firewall then dynamically opens appropriate connections for specific applications
NAT/PATNAT/PATNAT/PATNAT/PAT
: choice of dynamic or static network address translator (NAT) preserves a network's IP address pool or conceals
private address of network resources, such as Web servers, which are made accessible to users of a guest or public wirele
LAN
DoS attack preventionDoS attack preventionDoS attack preventionDoS attack prevention
: firewall is able to detect various denial-of-service attacks and take appropriate action to mitigate the
threat
Authenticated network accessAuthenticated network accessAuthenticated network accessAuthenticated network access
: firewall can authenticate the user at a given IP address using RADIUS or a local user directo
before allowing connections from that location
Virtual private network Virtual private network Virtual private network Virtual private network
(VPN)
IPSecIPSecIPSecIPSec
: provides secure tunneling over an untrusted network such as the Internet or a wireless network; offers data
confidentiality, authenticity, and integrity between two endpoints of the network
Layer 2 Tunneling ProtocolLayer 2 Tunneling ProtocolLayer 2 Tunneling ProtocolLayer 2 Tunneling Protocol
(L2TP): is an industry standard-based traffic encapsulation mechanism supported by many
common operating systems; will tunnel the PPP traffic over IP and non-IP networks; and may also use the IP/UDP transpo
mechanism in IP networks
Manual or automatic key exchangeManual or automatic key exchangeManual or automatic key exchangeManual or automatic key exchange
(IKE): provides both manual or automatic key exchange required for the algorithms used
in encryption or authentication; auto-IKE allows automated management of the public key exchange, providing the highest
levels of encryption
Network Address Translation-TraversalNetwork Address Translation-TraversalNetwork Address Translation-TraversalNetwork Address Translation-Traversal
(NAT-T): enables IPSec-protected IP datagrams to pass through a network address
translator (NAT)
Digital certificate managementDigital certificate managementDigital certificate managementDigital certificate management
: digital certificates can be utilized to authenticate to an IPSec VPN gateway; this also suppor
certificate revocation list (CRL) and allows certificates to be imported through a Simple Certificate Enrollment Protocol (SCEP
server
Site-to-site connectivitySite-to-site connectivitySite-to-site connectivitySite-to-site connectivity
: two IPSec VPN gateways can be configured to provide secure site-to-site communication between
offices, partners, or suppliers; both IPSec or GRE tunnels are available
Generic Routing EncapsulationGeneric Routing EncapsulationGeneric Routing EncapsulationGeneric Routing Encapsulation
(GRE): can be used to transport Layer 2 connectivity over a Layer 3 path in a secured way
over IPsec; enables the segregation of traffic from site to site; provides dynamic routing and static failover
Secure remote accessSecure remote accessSecure remote accessSecure remote access
: allows remote users to connect to the VPN gateway for secure communication to the corporate
network over the public network; provides the flexibility to use the following VPN clients: Openswan VPN client for Linux, S
Soft VPN client, IPSecuritas VPN client for Macintosh OS X, Microsoft® Windows® XP native VPN client, Microsoft Window
Vista® native VPN client, and Microsoft Windows 7 native VPN client (both 32 bit and 64 bit)
Operating ModesOperating ModesOperating ModesOperating Modes
Route ModeRoute ModeRoute ModeRoute Mode
: provides the deployment of the firewall, VPN, and IPS in line with traffic for deep packet inspection to contro
and filter traffic; supports static routes, RIP, RIPv2, OSPF, IGMP, and PIM
Monitor ModeMonitor ModeMonitor ModeMonitor Mode
: provides the deployment of the intrusion detection system (IDS) to monitor traffic passively out of band with
traffic
ManagementManagementManagementManagement
Remote configuration and managementRemote configuration and managementRemote configuration and managementRemote configuration and management
: is available through a secure Web browser or a command-line interface (CLI)
Secure Web GUISecure Web GUISecure Web GUISecure Web GUI
: provides a secure, easy-to-use graphical interface for configuring the module via HTTPS
Command-line interfaceCommand-line interfaceCommand-line interfaceCommand-line interface
(CLI): provides a secure, easy-to-use command-line interface for configuring the module via SSH o
QuickSpecs
HP Threat Management Services zl ModuleHP Threat Management Services zl ModuleHP Threat Management Services zl ModuHP Threat Management Services zl Module
Overview
DA - 13376 Worldwide — Version 5 — October 26, 2011
Page 2
a switch console; provides direct real-time session visibility
HP PCM Plus and HP Network Immunity ManagerHP PCM Plus and HP Network Immunity ManagerHP PCM Plus and HP Network Immunity ManagerHP PCM Plus and HP Network Immunity Manager
: provides central management of multiple TMS zl Modules for discovery,
status management, and configuration
LoggingLoggingLoggingLogging
: provides local and remote logging of events via SNMP (v2c and v3) and syslog; provides log throttling and log
filtering to reduce the number of log events generated; support for email logging
ConnectivityConnectivityConnectivityConnectivity
Two 10-GbE connections to the switchTwo 10-GbE connections to the switchTwo 10-GbE connections to the switchTwo 10-GbE connections to the switch
: two 10-GbE wire-speed internal connections help ensure that the network
connections from application to switch backplane will not limit the performance of the application
PerformancePerformancePerformancePerformance
High-performance network bandwidthHigh-performance network bandwidthHigh-performance network bandwidthHigh-performance network bandwidth
: includes two internal wire-speed 10-GbE ports to the switch backplane
High-performance processor systemHigh-performance processor systemHigh-performance processor systemHigh-performance processor system
: Intel® Core™ 2 Duo Processor T7500 with 2.2 GHz, 4 MB cache provides a high-
performance compute environment in a small footprint using a single switch slot
Memory subsystemsMemory subsystemsMemory subsystemsMemory subsystems
: 4 GB of DDR2-667 dual-channel memory provides for quick application performance
Disk driveDisk driveDisk driveDisk drive
: 250 GB SATA II 7200 rpm hard disk drive (210 GB application space plus 40 GB diagnostic/maintenance sp
allows quick data reads/writes to speed applications along
Resiliency and high availabilityResiliency and high availabilityResiliency and high availabilityResiliency and high availability
Redundant power suppliesRedundant power suppliesRedundant power suppliesRedundant power supplies
: services module has the same level of power supply redundancy as the switch in which it is
installed
High availabilityHigh availabilityHigh availabilityHigh availability
: two modules can work together to provide high availability and redundancy; modules in the high-availabi
cluster share connection state information to provide stateful failover; active-standby failover is supported
Ease of useEase of useEase of useEase of use
Locator LEDLocator LEDLocator LEDLocator LED
(module): allows users to set the locator LED on a specific module to either turn on, blink, or turn off; simp
troubleshooting by making it easy to locate a specific module among other identical or similar modules
Technical featuresTechnical featuresTechnical featuresTechnical features
Firewall featuresFirewall featuresFirewall featuresFirewall features
:
Stateful packet inspection: filters are based on destination and source IP address, port number, and protocol filter
selector
Logging/Alerts: log messages in the WebTrends Enhance Log Format (WELF); logging of events via SNMP (v2 and v
logs are sent to syslog server and are sent via email messages
Enhanced firewall features: port triggering, resource reservation, service-based time-outs, traffic rate limiting, and
connection rate limiting
IPS/IDS featuresIPS/IDS featuresIPS/IDS featuresIPS/IDS features
:
Anomaly Engine: provides patternless attack detection (ICMP, UDP smurf, and DNS spoofing), protocol header integrit
checks (mandatory fields, duplicate fields, and buffer limits), SMTP, MIME, SMTP, FTP, DNS, NNTP, IP, UDP, and TC
Intrusion protection: provides intrusion protection mechanisms, and signature updates
VPN featuresVPN featuresVPN featuresVPN features
:
IPSec: AH, ESP, DES-CBC, 3DES-CBC, AES-128/192/256, HMAC-SHA1, HMAC-MD5, AES-XCBC, Tunnel mode,
Transport mode, Extended Sequence Number Support, and UDP encapsulation for NAT traversal
IKEv1: Main mode; Aggressive mode; Quick mode; Config mode; Diffe-Hellman Group 1, 2, and 5 support; SHA1;
MD5; Pre-shared keys; RSA/DSA signatures; Xauth; and PFS
PKI: SCEP client with PKCS#7 support
QuickSpecs
HP Threat Management Services zl ModuleHP Threat Management Services zl ModuleHP Threat Management Services zl ModuHP Threat Management Services zl Module
Overview
DA - 13376 Worldwide — Version 5 — October 26, 2011
Page 3


Product specificaties

Merk: HP
Categorie: Niet gecategoriseerd
Model: TMS zl J9156A
Gewicht: 1470 g
Luchtvochtigheid bij opslag: 15 - 95 procent
Bedrijfstemperatuur, bereik: 32 - 50 °F
Hoogte, in bedrijf: 0 - 3048 m
Compatibiliteit: HP E5400 zl\nHP E8212 zl
Afmetingen (B x D x H): 247.7 x 206.5 x 44.5 mm
Bedrijfstemperatuur (T-T): 0 - 10 °C
Relatieve vochtigheid in bedrijf (V-V): 15 - 90 procent

Heb je hulp nodig?

Als je hulp nodig hebt met HP TMS zl J9156A stel dan hieronder een vraag en andere gebruikers zullen je antwoorden




Handleiding Niet gecategoriseerd HP

Handleiding Niet gecategoriseerd

Nieuwste handleidingen voor Niet gecategoriseerd