Security Zone Configuration

Configure a Security Zone

STEP 1 From the LSM menu, select Network > Security Zones.

STEP 2 Click Create (for a new security zone) or click the Edit icon for the zone you want to edit.

STEP 3 On the Create/Edit Security Zone page, type the Security Zone Name for the new zone.

You can only edit the Security Zone name when you are creating the zone.

STEP 4 Check the Ethernet Ports that you want to add to the zone.

If you select a port that is already assigned to another zone, the port will be reassigned to this zone.

You do not need to assign ports to a zone if you are using the zone solely for a VPN tunnel.

Note: With tagged ports, you can have as many ports in a security zone as you require. However, you cannot configure firewall rules or IPS filters between ports in the same Security Zone.

STEP 5 If you want to enable VLAN tagging on the port(s) assigned to the Security Zone, check the Enable 802.1q VLAN Tagging option and enter a VLAN ID.

Note: With tagged ports, you can have as many security zones sharing a port as you require. Each zone must be associated with an interface.

STEP 6 To set the maximum transmission unit (MTU) size, enter a decimal number from 100 to 1500 in the MTU Size field.

The default for Ethernet is 1500. Reducing the MTU ensures that packets sent over networks with smaller MTUs than Ethernet are not fragmented.

STEP 7 To apply Bandwidth Management, check Enable bandwidth rate limiting, and enter the required limits in Kbps (any decimal number from 1 to 100000) for outbound traffic and inbound traffic in the appropriate fields.

Bandwidth Management is typically used to prevent packet queuing on a WAN device, which provides lower end-to-end latency for latency-sensitive traffic such as voice over IP.

STEP 8 To restrict the IP addresses of clients in the Security Zone for additional security purposes, check Restrict Security Zone to the following IP addresses. Then, select one of the following:

IP Address Group — select the name of the group from the drop-down list. (To configure IP Address Groups, navigate to Network > Configuration > IP Address Groups.)

IP Subnet — type the IP network address and subnet mask.

IP Range — type a range of IP addresses within the IP Interface subnet.

STEP 9 To prevent traffic going from this security zone to a VPN tunnel, check Prevent Security Zone sending to VPN tunnels.

STEP 10 Click Create/Save to save the configuration.

Click Cancel to discard the changes.
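A planned set of zones can be checked against the limits in the steps above before it is entered in the LSM. The following is an added example, not part of the guide or the product: the dictionary field names are hypothetical, and the port check only flags the case described in STEP 4 (an untagged port selected for two zones), since the guide does not describe mixed tagged and untagged use of one port.

```python
import ipaddress

MTU, RATE_KBPS = (100, 1500), (1, 100000)  # limits stated in the procedure

def in_range(value, bounds):
    return isinstance(value, int) and bounds[0] <= value <= bounds[1]

def check_restriction(restrict, iface_subnet):
    """Check an 'IP Subnet' or 'IP Range' restriction (hypothetical dict form)."""
    try:
        if restrict["type"] == "subnet":
            ipaddress.ip_network(restrict["value"], strict=True)
            return []
        if restrict["type"] == "range":
            net = ipaddress.ip_network(iface_subnet, strict=True)
            lo, hi = (ipaddress.ip_address(a) for a in restrict["value"])
            if lo > hi:
                return ["IP range start is above its end"]
            if lo not in net or hi not in net:
                return [f"IP range is not within interface subnet {net}"]
            return []
    except (ValueError, KeyError, TypeError) as exc:
        return [f"invalid IP restriction: {exc}"]
    return ["unknown restriction type"]

def validate_plan(zones):
    """Return (zone_name, problem) pairs for a planned list of zones."""
    problems, untagged_owner = [], {}
    for z in zones:
        name, tagged = z["name"], z.get("vlan_id") is not None
        if not in_range(z.get("mtu", 1500), MTU):
            problems.append((name, "MTU must be 100-1500"))
        for key in ("rate_out_kbps", "rate_in_kbps"):
            if key in z and not in_range(z[key], RATE_KBPS):
                problems.append((name, f"{key} must be 1-100000"))
        for port in ([] if tagged else z.get("ports", [])):
            # Untagged port already planned for another zone: it would move here.
            if port in untagged_owner:
                problems.append((name, f"port {port} reassigned from {untagged_owner[port]}"))
            untagged_owner[port] = name
        if "restrict" in z:
            problems += [(name, p) for p in check_restriction(z["restrict"], z.get("iface_subnet"))]
    return problems

SAMPLE_PLAN = [  # constructed sample, not from the guide
    {"name": "LAN", "ports": [1, 2], "mtu": 1500},
    {"name": "VOICE", "ports": [2], "mtu": 1400, "rate_out_kbps": 512, "iface_subnet": "10.0.20.0/24",
     "restrict": {"type": "range", "value": ("10.0.20.10", "10.0.30.5")}},
]
```

Calling `validate_plan(SAMPLE_PLAN)` reports that port 2 would be taken from the LAN zone and that the VOICE range runs outside its interface subnet.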

X Family LSM User’s Guide V 2.5.1
