ZoneRanger is an application-layer proxy firewall appliance for management protocol traffic, which can effectively extend the reach of management applications, such as OpenView Network Node Manager (NNM), CA eHealth, SolarWinds Orion, InfoVista, EMC Smarts, IBM Tivoli Netcool, Voyence, OpsWare (HPNA), NetQoS, NetFlow Tracker, TACACS+, MRTG/PRTG, CiscoWorks and any in-house application using supported protocols, into firewall-partitioned network zones, while mitigating security risk.
As a management proxy solution, the ZoneRanger supports SNMP, SNMPv3, ICMP Ping, SSH, FTP, TFTP, TACACS+, RADIUS, NTP, Syslog, sFlow, ICMP traps, and NetFlow. The ZoneRanger will inspect, validate, and proxy all of these protocols over a single, secure TLS/TCP encrypted connection using two firewall ports. This ZoneRanger function eliminates the need for management protocol firewall rules or open, unencrypted firewall ports. Eliminating these rules and ports greatly reduces penetration vulnerabilities. The elimination of these management firewall rules also removes the risk of human error in writing the rules and the extensive manpower requirements to create and manage the rules.
For inbound UDP protocols, such as sFlow, NetFlow, Syslog, and SNMP Traps, an additional feature is available. The ZoneRanger has a filter capability allowing inbound UDP traffic to be consolidated, broken into multiple data streams, and fully duplicated to multiple destinations.
The ZoneRanger can also be deployed in the core of the network to consolidate and eliminate ACLs. This simple configuration allows ACLs to drop from pages to a few entries by restricting all management traffic to originate from the ZoneRangers. This ZoneRanger deployment dramatically tightens core network security and reduces the manpower required in device configuration and deployment. Using this feature in conjunction with the proxy cache feature can greatly reduce management traffic.
For Service Providers, the ZoneRanger shields the NOC and management applications from duplicate (overlapping) IP addresses. By default, the ZoneRanger provides an application-level NAT between the NOC network and customer network. Therefore, the Service Provider can monitor/manage the customer network within a complex NAT solution or re-IP the customer network.
The ZoneRanger is available as a VMware ESXi image for deployment on Cisco Services-Ready Engine Virtualization (SRE-V) or Unified Computing System (UCS) Express server virtualization platforms. The ZoneRanger is also available as a hardened, 2-U, rack-mounted application.
Deep packet inspection and validation of traffic before proxy: SNMP, ICMP ping, SSH, FTP, TFTP, NTP, RADIUS, TACACS+
Inbound inspection and filtering for multiple destinations of UDP protocols: NetFlow, Syslog, ICMP Traps, and sFlow
100% transparent application: the management application (CiscoWorks) and the ASR9000 are shielded from the RangerGateway (RG), firewall, and ZoneRanger that have intercepted, validated, and delivered all management-related messages.
|Office Facilities||US & Canada, European Markets|
|Support Model||Direct to customer|
|Support Coverage Hours||24x7 Standard business hours, with after hours pager support|
|TAC Support Alias||firstname.lastname@example.org|
|Version||Verified Compatible Cisco Product||Date Tested|
|5.5||Unified Computing - UCS Manager
The Cisco Compatible logo is used to signify that the PARTNER product has undergone technical interoperability testing with the Cisco product specified. The interoperability testing is conducted by a third party laboratory based on testing criteria set forth by Cisco. PARTNER is solely responsible for the support and warranty of its product. Placement of the PARTNER product or information pertaining thereto, on the Cisco Marketplace website does not constitute an offer to sell the PARTNER product in any way. For further information on the PARTNER products, please visit the PARTNER company website.