Secure TFTP Proxy
The common industry practice of partitioning networks into security zones using conventional firewalls creates a problem for these applications, forcing network administrators to choose between two equally unacceptable alternatives: block TFTP traffic at the firewall and lose the ability to transfer configuration files to and from the devices beyond it, or allow TFTP traffic through the firewall and accept the associated security risks. For TFTP these risks are significant: the protocol does not require login, and it uses UDP, which is relatively easy to spoof, as its transport protocol.
ZoneRanger resolves this dilemma by acting as a proxy TFTP server. Managed devices, acting as TFTP clients, are instructed to transfer files to and from the ZoneRanger, rather than communicating directly with the management applications, eliminating the need to open the firewall to TFTP traffic. The ZoneRanger can proxy TFTP requests through to the management applications, or can be configured to transfer files to/from an internal directory, or to/from directories on the servers where the management applications are installed.
TFTP is part of a growing suite of management protocols supported by ZoneRanger. Other supported protocols include:
- HTTP / HTTPS
- NetFlow / sFlow
- TACACS+ / RADIUS
- Telnet / SSH