After two months into our ZoneRanger POC, our security team said, “If it goes through the ZoneRanger we trust it and you don’t need to ask for permission.”
The ZoneRanger is the ultimate DMZ sandbox. We evaluated four NMS platforms at the same time without any changes to firewalls or devices. It was the perfect solution to verify the best NMS for our needs.
We see syslog as the lowest common denominator that we can extract from any device. At the same time, there is a lot of data that needs to be sorted and distributed. The ZoneRanger is the conduit to bring all of our syslog data through the firewall and distribute it to OpenView NNMi, Splunk, Arcsight, and NetQOS.
FireCloud gives us an almost real-time monitoring of low-side networks that we have been unable to see due to the air-gap.
The ZoneRanger allows us to meet out ISO-27001 syslog requirements and re-distribute syslog to several management platforms.
One of the unseen benefits of the ZoneRanger is the ability to run the current and new version of our NMS at the same time. No new rules, no changes to device configs, no changes.
Deploying the ZoneRanger in each of our DMZs was less expensive than an instance of Cisco ACS and a Radius server. We can now authenticate every device in our network, even those in a trust zone, using either TACACS+ or Radius.
The ZoneRanger is the network toaster. Configure it and forget about it. No ports to change, no rules to write. Our team was split up right after we finished the initial deployment. One guy went to another group in bank and two weeks later the second team team member resigned. The original guy came back in 10 months and the ZRs were still online. The ZoneRangers had not been touched.
Splunk is only as good as the data you feed it. Using the ZoneRanger to safely supply data across the firewall boundaries allows us access to data that was not allowed prior to our ZoneRanger deployment.
Our greatest fear is not the outside hacker, but someone who walks in the door each day. It could be an employee, a contractor, or a vendor. By using the ZoneRanger as an application concentrator, we have reduced our ACL from six pages to under two pages. Any management or configuration change is now restricted to physical devices in our NOCs, regardless of where the end-device sits in our global network.
As an MSP, duplicate IP addresses present a significant technical and financial hurdle in acquiring new customers. The NAT features in the ZoneRanger allow us to add new customers without have to re-IP their overlapping IP addresses.
The average firewall rule can be written in 30 minutes. We have calculated our total for each firewall rule to be 12.5 man hours.
Using the ZoneRanger to proxy NTP has solved a major data problem. We collect log files from locations across the globe to process with Archsight. The timestamps are now synchronized.
Using the ZoneRanger’s proxy caching feature has reduced the management traffic levels by 23% while also reducing router and switch workloads.