TechNote: Using ZoneRanger to Manage Devices in a CiscoWorks Environment

The Challenge

The network operations team uses CiscoWorks to manage the device inventory and equipment configuration files.  Although this is straightforward within the enterprise, unsecured networks such as DMZs can be problematic due to restrictive security policies and procedures.  Without extensive firewall configuration and management, devices outside a firewall are unmanageable by CiscoWorks.  In particular,

  • CiscoWorks cannot include DMZ devices in its inventory since the firewall restricts SNMP traffic to the unsecured network;
  • Syslog messages from equipment in the DMZ cannot reach CiscoWorks since the firewall blocks syslog messages from the unsecured network;
  • SNMP traps from equipment in the DMZ cannot reach CiscoWorks since the firewall blocks SNMP traps from the unsecured network;
  • TFTP configuration files of equipment in the DMZ cannot be received by CiscoWorks since the firewall blocks TFTP traffic from the unsecured network.

The ZoneRanger Solution

ZoneRanger provides a secure, encrypted, and reliable conduit for UDP protocols such as Syslog, SNMP, ICMP, NetFlow, and TFTP for management applications like CiscoWorks.  Using ZoneRanger, the network operations team can manage devices in the unsecured network exactly like those in the enterprise network, with no application or firewall configuration modifications.  ZoneRanger extends network manageability without sacrificing network security.

CiscoWorks configuration

How does ZoneRanger fit into your network?

What others are saying...

"Tavve has developed the ZoneRanger product, in order to enable companies to leverage their centralized management infrastructure across firewall-partitioned networks, while mitigating risks associated with management protocols."
Tavve: ZoneRanger 
Subraya Mallya
PrudentCloud.com


"Without a more secure approach to managing the protocols and tools that manage the network - including the 'trusted' internal network - enterprises may be exposing themselves to more risk than they realize."

Scott Crawford, CISSP, ISSAP, ISSMP
Senior Analyst, Enterprise Management Associates

"ZoneRanger effectively extends the reach of management applications to devices located beyond firewalls, eliminating the need for complicated firewall configurations, extensive agent deployments, or expensive application replication. ZoneRanger also provides security, acting as an application layer proxy firewall, inspecting and validating the traffic relayed between applications and devices."
Jim Doble, CISSP
CTO, Tavve