Tavve ZoneRanger User Manual, page 55

Note that acs1 and acs2 have the Ranger Gateway software installed on the same server, while acs3
and acs4 are served by Ranger Gateway instances installed on servers rg3 and rg4. Assume that
managed devices 10.1.1.22, 10.1.1.40, and 10.1.1.64 are to be served by acs1 and acs2,
and that the router (10.1.1.1) and ZoneRangers (10.1.1.100 and 10.1.1.101) are to be served
by acs3 and acs4. In order to support this configuration, the following server groups would be
defined:
  server-group-1    acs1, 127.0.0.1
                    acs2, 127.0.0.1
  server-group-2    rg3, acs3
                    rg3, acs4
                    rg4, acs3
                    rg4, acs4
The pairs configured for each server group have two parts:
- A Ranger Gateway that can be used to relay a request to a TACACS+/RADIUS server.
- The address that the Ranger Gateway should use to communicate with the TACACS+/RADIUS
  server.
In server-group-1, where the Ranger Gateway instances are installed on the same physical servers
as acs1 and acs2, the Ranger Gateway address is the same as the server address, and the Ranger
Gateway can use the localhost address (127.0.0.1) to communicate with the TACACS+/RADIUS
server software installed on the same physical server. In server-group-2, where the Ranger
Gateway instances to be used are installed on separate servers (rg3 and rg4), either Ranger Gateway
instance can be used to relay traffic to either TACACS+/RADIUS server, so additional pairs are
configured, essentially listing all possible ways to reach all possible servers.
For any given request, the ZoneRanger will perform the following steps:
1. Identify the server group associated with the requesting device, based on configured rule tables
associated with the TACACS+ and RADIUS services.
2. Go through the set of (Ranger Gateway, TACACS+/RADIUS server) entries associated with
that server group, to identify a set of Ranger Gateway candidates. For example, if server-group-1
was selected in the previous step, the Ranger Gateway candidates would be rg3 and rg4.
3. Select a Ranger Gateway from the set of Ranger Gateway candidates, based on recent
transaction history.
4. Relay the request to the selected Ranger Gateway, listing all TACACS+/RADIUS server
candidates associated with the selected Ranger Gateway. For example, if rg3 was selected, the
TACACS+/RADIUS server candidates would be: acs3 and acs4.
When the Ranger Gateway receives the relayed request, a TACACS+/RADIUS server will be selected
from the list of server candidates, based on recent transaction history, and the request will be relayed to
the selected server.
ZoneRanger 5.5 User's Guide
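The four selection steps above, modelled in Python as an added example (not code from the manual or from Tavve). It also checks which TACACS+/RADIUS servers each group can still reach when one Ranger Gateway is down. The rule table, the function names, and the "fewest recent failures" policy standing in for "recent transaction history" are assumptions; the (Ranger Gateway, address) pairs are the ones this page gives for server-group-1 and server-group-2.

```python
# Constructed model of the example configuration described on this page.
SERVER_GROUPS = {
    "server-group-1": [("acs1", "127.0.0.1"), ("acs2", "127.0.0.1")],
    "server-group-2": [("rg3", "acs3"), ("rg3", "acs4"),
                       ("rg4", "acs3"), ("rg4", "acs4")],
}
# Hypothetical rule table (device address -> server group); the real
# rule-table format is not shown on this page.
RULES = {
    "10.1.1.22": "server-group-1", "10.1.1.40": "server-group-1",
    "10.1.1.64": "server-group-1", "10.1.1.1": "server-group-2",
    "10.1.1.100": "server-group-2", "10.1.1.101": "server-group-2",
}

def resolve(gateway, address):
    """Name the AAA server a pair reaches; localhost means the gateway's own host."""
    return gateway if address == "127.0.0.1" else address

def gateway_candidates(group):
    """Step 2: distinct Ranger Gateways listed for the group, in configured order."""
    return list(dict.fromkeys(gw for gw, _ in SERVER_GROUPS[group]))

def server_candidates(group, gateway):
    """Step 4: server addresses handed to the selected gateway."""
    return [addr for gw, addr in SERVER_GROUPS[group] if gw == gateway]

def pick(candidates, failures):
    """Assumed policy: fewest recent failures wins; ties keep configured order."""
    return min(candidates, key=lambda c: failures.get(c, 0))

def route(device, failures=None):
    """Steps 1-4 for one request: (group, gateway, server candidate list)."""
    failures = failures or {}
    group = RULES[device]                                # step 1
    gateway = pick(gateway_candidates(group), failures)  # steps 2-3
    return group, gateway, server_candidates(group, gateway)  # step 4

def servers_left(group, failed_gateway):
    """AAA servers the group can still reach when one gateway is down."""
    return sorted({resolve(gw, addr) for gw, addr in SERVER_GROUPS[group]
                   if gw != failed_gateway})

if __name__ == "__main__":
    print(route("10.1.1.1"))
    print(route("10.1.1.1", {"rg3": 2}))
    for group in SERVER_GROUPS:
        for gw in gateway_candidates(group):
            print(group, "without", gw, "->", servers_left(group, gw))
```

In server-group-1, losing the host that runs a Ranger Gateway also removes the server behind it, because each server is listed only through its co-located gateway; in server-group-2 both servers stay reachable through the remaining gateway.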
