Using ZoneRanger to Manage Devices in a CiscoWorks Environment

THE CHALLENGE

The network operations team uses CiscoWorks to manage the device inventory and equipment configuration files.  Although this is straightforward within the enterprise, unsecured networks such as DMZs can be problematic due to restrictive security policies and procedures.  Without extensive firewall configuration and management, devices outside a firewall are unmanageable by CiscoWorks.  In particular:

  • CiscoWorks cannot include DMZ devices in its inventory since the firewall restricts SNMP traffic to the unsecured network
  • Syslog messages from equipment in the DMZ cannot reach CiscoWorks since the firewall blocks syslog messages from the unsecured network
  • SNMP traps from equipment in the DMZ cannot reach CiscoWorks since the firewall blocks SNMP traps from the unsecured network
  • TFTP configuration files of equipment in the DMZ cannot be received by CiscoWorks since the firewall blocks TFTP traffic from the unsecured network

The ZoneRanger Solution

ZoneRanger provides a secure, encrypted, and reliable conduit for UDP protocols such as Syslog, SNMP, ICMP, NetFlow, and TFTP for management applications like CiscoWorks.  Using ZoneRanger, the network operations team can manage devices in the unsecured network exactly as it manages devices in the enterprise network, with no application or firewall configuration modifications.  ZoneRanger extends network manageability without sacrificing network security.