Tavve zoneranger User Manual page 68

The primary advantage of GVI and RGVI is that the existence of the HTTP/HTTPS proxy is
completely transparent to the management application. Common routing mechanisms within the
underlying operating system are used to intercept traffic bound for devices in firewall-partitioned
networks, so there is no need to modify or reconfigure the management application in any way.
Another advantage is that the same mechanism can be used for other proxy services, such as ICMP
proxy, or SNMP proxy.
SOCKS
SOCKS is a standard protocol for generic TCP and UDP proxy services that can be used to redirect
management traffic from the management application to a SOCKS server integrated within the
Ranger Gateway. In order to use SOCKS, either the management application must include built-in
support for SOCKS, or generic SOCKS "shim" software must be installed on the management
application server. The shim software inserts itself between the management application and the
server's TCP/IP stack, and redirects traffic for specified IP addresses and ports to a SOCKS server,
based on configuration information.
In order to access a managed device through HTTP or HTTPS proxy, a SOCKS-aware web browser
initially establishes a TCP connection to the SOCKS port (by default, ) on the Ranger
4855
Gateway. After this connection is established, the client application sends a SOCKS connection
request to the Ranger Gateway, indicating the managed device and port to which the client would
like to connect.
The SOCKS server on the Ranger Gateway will check the Proxy Access Control configuration to
verify that the request should be allowed, and to identify the proxy service to which the request
should be forwarded. The Ranger Gateway will then consult the Proxy Map service in order to
identify a ZoneRanger that is able to proxy traffic to the target device, and to translate the target
address, if necessary, then forwards the connection request to the selected ZoneRanger, which
attempts to connect to the target device. If this connection is successfully established, the
ZoneRanger notifies the Ranger Gateway, which in turn notifies the web browser.
From this point, the Ranger Gateway and selected ZoneRanger simply relay data between the client
application's TCP connection to the Ranger Gateway and the ZoneRanger's TCP connection to the
target device, allowing the web browser and target device to exchange HTTP/HTTPS requests and
responses. The Ranger Gateway and ZoneRanger continue to relay data until one of the connections
is disconnected. Most web browsers support the SOCKS protocol.
As an example, the following steps would be used to configure Internet Explorer 6.0 to use the
SOCKS server on the Ranger Gateway (port 4855).
1. Select Internet Options... from the Tools menu and click the Connections tab. The
resulting dialog should be as shown in the following figure.
ZoneRanger 5.5 User's Guide 68