Secure SNMP Proxy
The common industry practice where networks are partitioned into security zones using conventional firewalls creates a problem for users of these management applications, requiring them to choose between two equally unacceptable alternatives: prevent SNMP from passing through the firewall, accepting limited ability to manage the devices beyond, or allow SNMP to pass through the firewall, accepting the associated security risks.
ZoneRanger resolves this dilemma, acting as an application-layer proxy firewall for SNMP traffic, enabling management applications to extend their reach beyond firewalls, while mitigating the associated security risks. All SNMP protocol traffic is carefully inspected by the ZoneRanger, and where applicable is matched with known outstanding requests, before being allowed to pass.
- SNMP Request/Response (to/from devices in a firewall-partitioned zone)
- SNMP Trap (from devices in a firewall-partitioned zone)
In addition to acting as a proxy for SNMP v1 and v2c traffic, ZoneRanger can also be configured to provide SNMPv3 conversion, allowing management applications to continue to use the older, more prevalent versions of SNMP, while enabling the selective use of SNMPv3 within firewall-partitioned zones where higher levels of security are required.
SNMP is part of a growing suite of management protocols supported by ZoneRanger. Other supported protocols include:
- HTTP / HTTPS
- NetFlow / sFlow
- TACACS+ / RADIUS
- Telnet / SSH