The following figure shows a more advanced ZoneRanger deployment scenario.
Figure 1-2. Advanced ZoneRanger configuration
In this scenario there are multiple remote networks to be managed (i.e. multiple DMZ's), and
multiple management applications. A redundant pair of ZoneRangers is installed in each DMZ, and
instances of the Ranger Gateway (RG) software have been installed on the majority of the
management application servers. An SSL-encrypted TCP connection is maintained between each
Ranger Gateway instance and each ZoneRanger, so that each management application is able to
reach all of the DMZ devices that need to be managed. As a result, there is a many-to-many
relationship between Ranger Gateways and ZoneRangers: each Ranger Gateway instance can be
joined to multiple ZoneRangers and each ZoneRanger can be joined to multiple Ranger Gateways.
The figure also shows two management application servers, one with CiscoSecure ACS and one
with a Trap/Syslog Receiver, that do not have the Ranger Gateway software installed, but instead
interact with the ZoneRangers using Ranger Gateway software installed on another server.
Depending on the nature of the management application, the management protocols being used, and
the server hardware involved, this simplified approach may be advantageous in some situations. In
most cases, however, installing the Ranger Gateway on the same server as the management
application is the preferred approach.
Ranger Gateway software can be installed on any of the various hardware platforms that support the
following operating systems:
•
Centos 5.2 or later
•
Red Hat Enterprise Linux version 4.0 or higher
•
Solaris 2.8 or higher
•
SuSE Linux version 11.1 or higher
•
Windows XP, Server 2000, Server 2003, 2008 Server, 2008 Server R2
ZoneRanger Services
The primary function of the ZoneRanger is to act as an application-layer proxy firewall for the
protocols most typically used by management applications. ZoneRanger provides proxy services
covering a variety of protocol scenarios:
ZoneRanger 5.5 User's Guide
9