Chapter 31: Tftp Proxy - Tavve zoneranger User Manual

Chapter 31: TFTP Proxy

TFTP (Trivial File Transfer Protocol) is a common protocol used in the management of network device
configurations. The majority of network devices provide mechanisms whereby the devices can be
instructed to transfer their configurations to/from a TFTP server. A growing number of management
applications have been developed to use this mechanism to provide advanced configuration management
for larger numbers of network devices.
ZoneRanger can be configured to proxy TFTP requests to the Ranger Gateway or through the Ranger
Gateway to another TFTP server in the secure environment. Thus, ZoneRanger provides a secure
mechanism for the TFTP protocol to manage the configuration files of ZoneRanger managed devices.
ZoneRanger can also be configured to be a TFTP server for its managed devices.
Using Configuration > Inbound Proxy page TFTP tab, ZoneRanger can be configured how to handle
TFTP requests from managed devices. When a TFTP proxy request is received by the ZoneRanger from
a managed device, ZoneRanger uses the incoming Client Address to determine the appropriate rule from
the TFTP Proxy Rules table. Each TFTP Proxy request can be processed in one of three ways indicated
by Proxy Option:
1. None – Handle the TFTP requests locally on the ZoneRanger
2. To Gateway – Send the TFTP Requests to the specified Ranger Gateway
3. Thru Gateway – Send the TFTP Requests through the specified Ranger Gateway to the port on
a remote TFTP server.
When the To Gateway option is used, the default Read and Write directory on the Ranger Gateway is
install_dir/store/zr/tftpproxy for TFTP files. The Read and Write directories may be changed from the
Ranger Gateway Viewer menu Configure > Gateway Settings window on the TFTP Proxy tab on the
Ranger Gateway.
The Permissions configured in each TFTP Proxy rule specifies if the client is allowed to make read or
write requests, and for write requests, if the user is allowed to create new files. Note, the : Create
permission option is limited to "None" and "To Gateway" proxy options.
The TFTP proxy rule to be used for a given client device for an incoming TFTP request is identified by
searching through the set of configured TFTP proxy rules in order (that is, from top to bottom as they
are displayed in the table) until a match is found. Therefore, the order in which the rules appear in the
table is very important.
Figure 31-1. ZoneRanger TFTP Proxy
ZoneRanger 5.5 User's Guide 108