Policy Analysis

For new installations (from TOS 19-1 and above), Policy Analysis will be disabled and removed from the SecureTrack menu of the Tufin Orchestration Suite (TOS R19-1).

From TOS 19-1 and above, many of the Policy Analysis features and capabilities are also available via Policy Browser and via the Interactive Map > SEARCH PATHS queries.

Policy Analysis is also available in the Tufin Marketplace SecureTrack Reporting Essentials application > Policy Analysis report. The report displays all data related to handling the traffic defined in the query, including relevant devices, interfaces, and rules, as well as a diagram that presents one or more paths for the specified traffic.

If required, you may contact Tufin Support to re-enable the SecureTrack Policy Analysis tab.

Security administrators often face threats such as worms that exploit various vulnerabilities. These should be mitigated both by patching servers and by locking down the affected network ports between certain networks. On the firewall side, the immediate task is to find out which networks are open and vulnerable, and which firewall rules will accept the suspected traffic.

The size and complexity of modern rulebases, however, make it very difficult to pinpoint and understand exactly what types of traffic will be accepted or dropped. Some advanced rulebase options provide a rich set of features, which further complicate rulebase understanding and clarity.

SecureTrack provides an easy method for determining how any rule or rulebase handles a specified connection type. SecureTrack examines the rulebase contained in each policy revision and calculates the effective rulebase by simulating the rulebase's top-to-bottom first-match logic, taking complex scenarios into account (disabled rules, network groups, negated objects, groups with exclusion, etc.). This feature enables advanced queries based on different parameters, and displays the rules that match the selected traffic pattern.
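The top-to-bottom first-match evaluation described above can be sketched as follows. This is an added illustration, not Tufin code or SecureTrack's implementation; the `Group`, `Rule` and `first_match` names, the rule names and the addresses are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Group:
    """Network group: member networks minus excluded ones (group with exclusion)."""
    include: list
    exclude: tuple = ()

    def contains(self, ip):
        addr = ipaddress.ip_address(ip)
        inside = lambda nets: any(addr in ipaddress.ip_network(n) for n in nets)
        return inside(self.include) and not inside(self.exclude)

@dataclass
class Rule:
    name: str
    src: Group
    dst: Group
    ports: set               # empty set means "any service"
    action: str
    disabled: bool = False   # disabled rules never match
    negate_src: bool = False # negated object: match everything NOT in src

    def matches(self, src, dst, port):
        if self.disabled:
            return False
        src_hit = self.src.contains(src) != self.negate_src
        port_hit = not self.ports or port in self.ports
        return src_hit and self.dst.contains(dst) and port_hit

def first_match(rulebase, src, dst, port):
    """Walk the rulebase top to bottom; the first matching rule decides."""
    for rule in rulebase:
        if rule.matches(src, dst, port):
            return rule.name, rule.action
    return "implicit-cleanup", "drop"  # assumed default when nothing matches

# Constructed rulebase for a query about SMB (TCP 445) exposure.
ANY = Group(["0.0.0.0/0"])
ADMINS = Group(["10.9.0.0/24"])
SERVERS = Group(["10.1.0.0/16"], exclude=("10.1.9.0/24",))
RULEBASE = [
    Rule("r1-legacy-smb", ANY, SERVERS, {445}, "accept", disabled=True),
    Rule("r2-non-admin-smb", ADMINS, SERVERS, {445}, "drop", negate_src=True),
    Rule("r3-admin-smb", ADMINS, SERVERS, {445}, "accept"),
    Rule("r4-web", ANY, ANY, {80, 443}, "accept"),
]
```

Reading only the rule text, r1 appears to open port 445 to the servers from anywhere; the simulation shows that it is disabled and that r2 drops the same traffic for every source outside the admin network.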

IPv6 is not supported for this TOS feature.