Hewlett Packard Enterprise TMS zl
Contents
1. Qu ickSpecs HP Threat Management Services zl Module Overview Models HP Threat Management Services zl Module J9155A Key features e Stateful firewall e Intrusion detection prevention system IDS IPS Virtual private network VPN z Module form factor Industry leading warranty Product overview The HP Threat Management Services TMS zl Module is a multifunction security system for the HP E5400 zl and E8200 zl Switch Series It is comprised of a stateful firewall an intrusion detection prevention system IDS IPS and a virtual private network VPN concentrator It enables network administrators to compartmentalize department trattic protect the network from malware and provide secure remote access and site to site connectivity Features and Benetits Intrusion detection prevention system IDS IPS e Deep packet inspection module supports deep packet inspection and examines the packet payload as well as the frame and packet headers packets are dropped if attacks or intrusions are detected using signature based or protocol anomaly based detection e Severity based action policies involve action taken against attacks based on their severity available actions are allow block and terminate connection to provide appropriate mitigation e Signature update service provides regular updates to the signature database helping to ensure that the latest available signatures are installed e Signature based detection detects k2. log events generated support for email logging Connectivity e Two 10 GbE connections to the switch two 10 GbE wire speed internal connections help ensure that the network connections trom application to switch backplane will not limit the performance of the application Performance e High performance network bandwidth includes two internal wire speed 10 GbE ports to the switch backplane e High performance processor system Intel Core 2 Duo Processor T7500 with 2 2 GHz 4 MB cache provides a high performance compute environment in a small footprint using a single switch slot e Memory subsystems 4 GB of DDR2 667 dual channel memory provides for quick application performance e Disk drive 250 GB SATA II 7200 rpm hard disk drive 210 GB application space plus 40 GB diagnostic maintenance space allows quick data reads writes to speed applications along Resiliency and high availability Redundant power supplies services module has the same level of power supply redundancy as the switch in which it is installed High availability two modules can work together to provide high availability and redundancy modules in the high availability cluster share connection state information to provide stateful failover active standby failover is supported Ease of use e Locator LED module allows users to set the locator LED on a specific module to either turn on blink or turn off simplifies troubleshooting by making it easy to locate a s
3. S subscription J9156A accessories License HP Threat Management Services 1 year IPS subscription J9157A HP Threat Management Services 2 year IDS IPS subscription J9158A HP Threat Management Services 3 year IDS IPS subscription J9159A Af DA 13376 Worldwide Version 5 October 26 201 1 Page 5 Qu ickSpecs HP Threat Management Services zl Module Accessory Product Details NOTE Details are not available for all accessories The following specifications were available at the time of publication HP Threat Management Physical characteristics Dimensions 9 5 d x 8 13 w x 1 75 h in 24 77 x 20 65 x Services zl Module with 1 4 45 cm year IPS Subscription Weight 3 25 Ib 1 47 kg pence uy oer Environment Operating temperature 32 F to 50 F 0 C to 10 C Operating relative 15 to 90 122 F 50 C noncondensing humidity Nonoperating Storage 14 F to 149 F 10 C to 65 C temperature Nonoperating Storage 15 to 95 149 F 65 C noncondensing relative humidity Altitude up to 10 000 ft 3 km Electrical characteristics Maximum heat dissipation 272 BTU hr 286 96 kJ hr Maximum power rating 80 W Notes Maximum power rating and maximum heat dissipation are the worst case theoretical maximum numbers provided for planning the infrastructure with fully loaded PoE it equipped 100 traffic all ports plugged in and all modules populated Notes Chassis operating temperature specifications of the E5400 z
4. duct numbers For details about services and response times in your area please contact your local HP sales office To learn more visit www hp com networking Copyright 2011 Hewlett Packard Development Company L P The intormation contained herein is subject to change without notice The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services Nothing herein should be construed as constituting an additional warranty HP shall not be liable for technical or editorial errors or omissions contained herein Intel and Core are trademarks of Intel Corporation in the U S and other countries Microsoft Windows and Windows Vista are U S registered trademarks of Microsoft Corporation GY DA 13376 Worldwide Version 5 October 26 201 1 Page 7
5. ed by many common operating systems will tunnel the PPP traffic over IP and non IP networks and may also use the IP UDP transport mechanism in IP networks Manual or automatic key exchange IKE provides both manual or automatic key exchange required for the algorithms used in encryption or authentication auto IKE allows automated management of the public key exchange providing the highest levels of encryption e Network Address Translation Traversal NAT T enables IPSec protected IP datagrams to pass through a network address translator NAT e Digital certificate management digital certiticates can be utilized to authenticate to an IPSec VPN gateway this also supports certificate revocation list CRL and allows certificates to be imported through a Simple Certificate Enrollment Protocol SCEP server e Site to site connectivity two IPSec VPN gateways can be configured to provide secure site to site communication between offices partners or suppliers both IPSec or GRE tunnels are available e Generic Routing Encapsulation GRE can be used to transport Layer 2 connectivity over a Layer 3 path in a secured way over IPsec enables the segregation of traffic trom site to site provides dynamic routing and static failover e Secure remote access allows remote users to connect to the VPN gateway for secure communication to the corporate network over the public network provides the flexibility to use the following VPN clients Openswan VPN clie
6. formation for every connection passing through it enabling the firewall to control packets based on existing sessions e Zone based access policies logically groups virtual LANs VLANs into zones that share common security policies allows both unicast and multicast policy settings by zones instead of by individual VLANs e Application level gateway ALG deep packet inspection in the firewall discovers the IP address and service port information embedded in the application data the firewall then dynamically opens appropriate connections for specific applications e NAT PAT choice of dynamic or static network address translator NAT preserves a network s IP address pool or conceals the private address of network resources such as Web servers which are made accessible to users of a guest or public wireless LAN e DoS attack prevention firewall is able to detect various denial of service attacks and take appropriate action to mitigate the threat e Authenticated network access firewall can authenticate the user at a given IP address using RADIUS or a local user directory before allowing connections from that location Virtual private network VPN e PSec provides secure tunneling over an untrusted network such as the Internet or a wireless network offers data contidentiality authenticity and integrity between two endpoints of the network e Layer 2 Tunneling Protocol L2TP is an industry standard based traffic encapsulation mechanism support
7. ickSpecs HP Threat Management Services zl Module Accessory Product Details 1 year post warranty 4 hour onsite 24x7 coverage for hardware 24x7 software phone support UQ597PE Installation with HP provided configuration system based pricing US668E Installation with HP provided configuration system based pricing US668E 3 Yr 6 hr Call to Repair Onsite UW374E 4 Yr 6 hr Call to Repair Onsite UW375E 5 Yr 6 hr Call to Repair Onsite UW376E 1 year 6 hour Call To Repair Onsite for hardware HR998E 1 year 24x7 software phone support software updates HR997E 1 year 24x7 software phone support software updates Next Business Day Hardware Exchange HS786E 1 year 24x7 software phone support software updates 4 hour hardware exchange HS787E 3 year 24x7 software phone support software updates Next Business Day Hardware Exchange HS788E 3 year 24x7 software phone support software updates 4 hour Hardware Exchange HS789E 4 year 24x7 software phone support software updates Next Business Day Hardware Exchange HS790E 4 year 24x7 software phone support software updates 4 hour Hardware Exchange HS791E 5 year 24x7 software phone support software updates Next Business Day Hardware Exchange HS792E 5 year 24x7 software phone support software updates 4 hour Hardware Exchange HS793E Refer to the HP website at www hp com networking services for details on the service level descriptions and pro
8. ion is desired When the services module is installed the maximum relative humidity for the switch drops trom 95 to 90 3 year 4 hour onsite 13x5 coverage for hardware UQ589E 3 year 4 hour onsite 24x7 coverage for hardware UQ590E 3 year 4 hour onsite 24x7 coverage tor hardware 24x7 SW phone support and SW updates UQ59 1E 3 Year 9x5 SW phone support software updates UQ592E 3 year 24x7 SW phone support sottware updates UQ593E 1 year post warranty parts only global next day advance exchange UQ594PE 1 year post warranty 4 hour onsite 13x5 coverage for hardware UQ595PE 1 year post warranty 4 hour onsite 24x7 coverage for hardware UQ596PE 1 year post warranty 4 hour onsite 24x7 coverage for hardware 24x7 software phone support UQ597PE Installation with HP provided contiguration system based pricing US668E 3 Yr 6 hr Call to Repair Onsite UW374E 4 Yr 6 hr Call to Repair Onsite UW375E 5 Yr 6 hr Call to Repair Onsite UW376E Refer to the HP website at www hp com networking services for details on the service level descriptions and product numbers For details about services and response times in your area please contact your local HP sales office DA 13376 Worldwide Version 5 October 26 201 1 Page 4 QuickSpecs Accessories HP Threat Management Services zl Module HP Threat Management Modules Services zl Module HP Threat Management Services zl Module with 1 year IDS IP
9. l E8212 zl switch when services module is installed e 40 C when any services module is installed in the right side of the chassis e 50 C when all services modules are installed in the left side of the chassis Up to 4 services modules can be installed in an E5400 zl E8212 zl chassis simultaneously Up to 3 services modules are supported all installed in the left half of the chassis in the E5406 zl chassis it a 50 C temperature specitication is desired When the services module is installed the maximum relative humidity for the switch drops from 95 to 90 Services 3 year 4 hour onsite 13x5 coverage for hardware UQ589E 3 year 4 hour onsite 24x7 coverage for hardware UQ590E 3 year 4 hour onsite 24x7 coverage for hardware 24x7 SW phone support and SW updates UQ59 1 E 3 Year 9x5 SW phone support software updates UQ592E 3 year 24x7 SW phone support sottware updates UQ593E 1 year post warranty parts only global next day advance exchange UQ594PE 1 year post warranty 4 hour onsite 13x5 coverage for hardware HR994E 1 year post warranty 4 hour onsite 13x5 coverage for hardware UQ595PE 1 year post warranty 4 hour onsite 24x7 coverage for hardware UQ596PE 1 year post warranty 4 hour onsite 24x7 coverage for hardware HR995E 1 year post warranty 4 hour onsite 24x7 coverage for hardware 24x7 sottware phone support HR996E Af DA 13376 Worldwide Version 5 October 26 201 1 Page 6 Qu
10. nagement Services zl Module J9 155A Physical characteristics Environment Electrical characteristics Notes Services 9 5 d x 8 13 w x 1 75 h in 24 77 x 20 65 x 4 45 cm 3 25 Ib 1 47 kg 32 F to 122 F 0 C to 50 C important see note for 50 C temperature specitication rules 15 to 90 122 F 50 C noncondensing Dimensions Weight Operating temperature Operating relative humidity Nonoperating Storage temperature 14 F to 149 F 10 C to 65 C Nonoperating Storage 15 to 95 149 F 65 C noncondensing relative humidity Altitude up to 10 000 ft 3 km Maximum heat dissipation 272 BTU hr 287 kJ hr 80 W Maximum power rating and maximum heat dissipation are the worst case theoretical maximum numbers provided for planning the infrastructure with fully loaded PoE if equipped 100 traffic all ports plugged in and all modules populated Maximum power rating Notes Following are chassis operating temperature specifications ot the 5400z1 8212z switch when services modules are installed e 40 C when any services module is installed in the right side of the chassis e 50 C when all services modules are installed in the left side of the chassis Up to four services modules can be installed in a 5400z1 8212z chassis simultaneously Up to three services modules are supported all installed in the left half of the chassis in the 5406zl chassis if a 50 C temperature speciticat
11. nown attacks that have known attack patterns the IPS maintains a signature database that contains the pattern definitions for known attacks and can be automatically updated using a subscription service e Protocol anomaly based detection detects anomalies in application protocol header using signatures Data center protection e Server protection stateful firewall controls traffic to the data center intrusion protection system IPS detects and blocks threats such as worms and viruses to maintain service and application availability Compartmentalization e Departmental protection allows organizations to define departmental security policies to protect local resources with a statetul tirewall and IPS while at the same time allowing high pertormance access to common resources VPN concentration Site to site connectivity IPSec encrypted tunnels help ensure privacy between sites with optional Generic Routing Encapsulation GRE tunneling which is available for full deployment flexibility intersite links can be deployed quickly and controlled with tunnel policies e Secure remote access can be delivered for remote users via securely authenticated IPSec tunnels DA 13376 Worldwide Version 5 October 26 2011 Page Qu ickSpecs HP Threat Management Services zl Module Overview Firewall e Stateful firewall enforces firewall policies to control traffic and filter access to network services maintains session in
12. nt for Linux Shrew Soft VPN client IPSecuritas VPN client for Macintosh OS X Microsoft Windows XP native VPN client Microsoft Windows Vista native VPN client and Microsoft Windows 7 native VPN client both 32 bit and 64 bit Operating Modes e Route Mode provides the deployment of the firewall VPN and IPS in line with traffic tor deep packet inspection to control and filter traffic supports static routes RIP RIPv2 OSPF IGMP and PIM e Monitor Mode provides the deployment of the intrusion detection system IDS to monitor traffic passively out of band with the trattic Management e Remote configuration and management is available through a secure Web browser or a command line interface CLI e Secure Web GUI provides a secure easy to use graphical interface for configuring the module via HTTPS e Command line interface CLI provides a secure easy to use command line interface for contiguring the module via SSH or GY DA 13376 Worldwide Version 5 October 26 2011 Page 2 QuickSpecs Overview HP Threat Management Services zl Module a switch console provides direct real time session visibility e HP PCM Plus and HP Network Immunity Manager provides central management of multiple TMS zl Modules for discovery status management and contiguration e Logging provides local and remote logging of events via SNMP v2c and v3 and syslog provides log throttling and log filtering to reduce the number of
13. pecitic module among other identical or similar modules Technical features e Firewall features O Statetul packet inspection filters are based on destination and source IP address port number and protocol filter selector O Logging Alerts log messages in the WebTrends Enhance Log Format WELF logging of events via SNMP v2 and v3 logs are sent to syslog server and are sent via email messages O Enhanced firewall features port triggering resource reservation service based time outs traffic rate limiting and connection rate limiting e PS IDS features O Anomaly Engine provides patternless attack detection ICMP UDP smurf and DNS spoofing protocol header integrity checks mandatory fields duplicate fields and butter limits SMTP MIME SMTP FTP DNS NNTP IP UDP and TCP O Intrusion protection provides intrusion protection mechanisms and signature updates e VPN features O IPSec AH ESP DES CBC 3DES CBC AES 128 192 256 HMAC SHA1 HMAC MD5 AES XCBC Tunnel mode Transport mode Extended Sequence Number Support and UDP encapsulation for NAT traversal O IKEvl Main mode Aggressive mode Quick mode Contig mode Ditte Hellman Group 1 2 and 5 support SHAI MD5 Pre shared keys RSA DSA signatures Xauth and PFS O PKI SCEP client with PKCS 7 support GY DA 13376 Worldwide Version 5 October 26 201 1 Page 3 QuickSpecs HP Threat Management Services zl Module Technical Specitications HP Threat Ma
Download Pdf Manuals
Related Search