More often than not, the simplest way to verify that a network device is operating and reachable is the simple, ubiquitous ICMP echo request, more commonly referred to as “ping”. Applications for this simple but powerful protocol mechanism range from the familiar “ping” command, to sophisticated management applications that use ICMP echo requests to poll device status or measure network latency.

The common industry practice where networks are partitioned into security zones using conventional firewalls creates a problem for users of these management applications, requiring them to choose between two equally unacceptable alternatives: prevent ICMP from passing through the firewall, accepting limited ability to manage the devices beyond, or allow ICMP to pass through the firewall, accepting the associated security risks.

ZoneRanger resolves this dilemma, acting as an application-layer proxy firewall for ICMP echo request/response traffic, enabling management applications to extend their reach beyond firewalls, while mitigating the associated security risks. All ICMP echo request/response protocol traffic is carefully inspected by the ZoneRanger, and responses are matched with known outstanding requests, before being allowed to pass.

ICMP is part of a growing suite of management protocols supported by ZoneRanger. Other supported protocols include:

• FTP
• HTTP / HTTPS
• NetFlow / sFlow
• NTP
• SNMP
• Syslog
• TACACS+ / RADIUS
• Telnet / SSH
• TFTP