Set Up Appliance

Proceed only if...

  1. You have completed all the checks on your current TOS Classic system and the results indicate you are ready to set up your target machine.
  2. Your target platform meets all general and platform-specific prerequisites.
  3. You have available all IP, DNS and other information needed to set up the server and TOS Aurora. We recommended putting this information in your worksheet and sharing with relevant administrators.

Otherwise, go back.

In this step you will:

  1. Install TufinOS on your appliance in one of the following ways:

    • Using a USB key (recommended)

    • Using the RMM - remote management console

  2. Configure TufinOS

Install From a USB Key

Prepare the USB Key

  1. Copy the TufinOS install file, downloaded previously, to a Linux machine without extracting the file contents.

  2. Verify the integrity of the downloaded compressed file. Run a checksum tool on the .tgz file and make sure that the output matches the checksum in the matching documentation item in the Download Center.

  3. Decompress the downloaded file:

    [<ADMIN> ~]# tar xzvf TufinOS-X.XX-XXXXXX-x86_64-XXXX-Final.usb.img.tgz
    tar xzvf TufinOS-X.XX-XXXXXX-x86_64-XXXX-Final.usb.img.tgz

    After decompression, you will have two files - the main .img file and a .sha256 checksum file.

  4. Verify the integrity of the TufinOS image using the checksum file:

    [<ADMIN> ~]# sha256sum -c TufinOS-X.XX-XXXXXX-x86_64-XXXX-Final.usb.img.sha256
    sha256sum -c TufinOS-X.XX-XXXXXX-x86_64-XXXX-Final.usb.img.sha256
  5. Connect the USB key to the Linux server.

  6. Run the command:

    [<ADMIN> ~]# dmesg | tail
    dmesg | tail
  7. At the end of the output of this command you will find the USB drive device name. Usually it is /dev/sda, /dev/sdb, or /dev/sdc. Copy that name.

  8. Erase the USB key before copying the TufinOS image to it:

    [<ADMIN> ~]# dd if=/dev/zero of=<usb flash drive device name> bs=512
    dd if=/dev/zero of=<usb flash drive device name> bs=512
  9. Copy only the decompressed TufinOS image file to the USB key:

    [<ADMIN> ~]# dd if=TufinOS-X.XX-XXXXXX-x86_64-XXXX-Final.usb.img of=<usb flash drive device name> bs=512
    dd if=TufinOS-X.XX-XXXXXX-x86_64-XXXX-Final.usb.img of=<usb flash drive device name> bs=512

    Where <usb key device name> is the name copied in previous step.

  10. Flush the data to the disk to make sure that all data is copied correctly.

    [<ADMIN> ~]# sync; sync
    sync; sync
  11. Remove the USB key from your machine.

Install TufinOS on the Appliance

  1. Insert the USB key into the appliance.

  2. Connect a monitor and keyboard / KVM or PC with serial connection to the appliance.

  3. Power up the appliance.

    The appliance will boot directly to the TufinOS installer.

  4. You will be prompted to enter the console type.

    If the appliance is connected to a monitor and keyboard, enter kvm-aurora

    Otherwise enter serial-aurora (in this case the appliance must connected to a PC via a serial cable),

    If there is no reply within 60 seconds, all installation messages will be directed to the serial console.

  5. When prompted with a warning that all data will be deleted from the appliance. Enter Continue.

    The install will proceed without requiring further action, until complete.

  6. When prompted to remove the installation media, remove the USB key (or alternative media).

  7. Click the reboot button.

    Make sure the installation media is removed before the appliance restarts.

  8. Wait for the appliance to complete the reboot.

  9. Continue with Configure TufinOS.

Install TufinOS Via the RMM

If you are unable to insert a USB key into the appliance you can install TufinOS remotely using the remote management module (RMM):

Continue according to your appliance model:

 

For T-1100/T-1100XL

  1. Configure RMM on Gen 3.5

  2. Install TufinOS using RMM on Gen 3.5

  3. Configure TufinOS.

Install TufinOS using RMM on Gen 3.5

  1. On your computer, open Configure Java > Security.

  2. Click Edit Site List and add a URL with the RMM IP address. For example:

    HTTPS://<rmm_ip>

  3. Open a browser, enter the RMM IP address and enter username and password to log in.

  4. On the Remote Control tab, click Launch Console, accept any warning messages until the KVM window appears.

  5. In the KVM window go to Device > Redirect Floppy/USB Key Image, select the image file, and click Open.

  6. Reboot the appliance.

  7. When prompted, enter the required TufinOS installation method:

    kvm-aurora

  8. Wait for the Image to load then type continue.

    Starting installer, one moment...
    anaconda 21.-18.22.159-1 for CentOS 7 started.
    * installation log files are stored in /tmp during the installation
    * shell is available on TTY2
    * when reporting a bug add logs from /tmp as separate text/plain attachments
    12:-18:*18 Running pre-installation scripts
    
    	---
    	WARNING: You are about to proceed with the
    	installation of TufinOS on this machine.
    
    	This will result uiith permanent loss of all
    	operating systems, software and data on the
    	machine.
    
    	To abort this process, remove the USB flash drive
    	and restart the machine.
    	---
    
    	Type "continue" or "restart" l->

    The install procedure will continue. If the system issues the message Performing post-installation setup tasks and shortly afterwards starts to reboot, stop the reboot by removing the media as described in the next step below.

    Installing lit op (378/389)
    Installing ncdu (379/389)
    Installing telnet (380/389)
    Instal1ing Arcconf (381/389)
    Installing tree (382/389)
    Installing hdparm (383/389)
    Installing libsysfs (384/389)
    Installing dosfstools (385/389)
    Installing dos2unix (386/389)
    Installing storeli (387/389)
    Installing rootfiles (388/389)
    Installing mailcap (389/389)
    Performing post-installation setup tasks
    Installing boot loader
    .
    Performing post-installation setup tasks
    .
    
    Configuring installed system
    .
    Writing network configuration
    .
    Creating users
    .
    Configuring addons
    .
    Generating initramfs
    .
    Running post-installation scripts
    .
    	Use of this product is subject to the license agreement found at /user/share
    
    	Installation complete. Press return to quit
  9. Watch for the message Running post-installation scripts, after which:

    either the system will start to reboot

    or the following message will be displayed:

    Installation complete. Press return to quit

    When any one of those two events occur, remove the media:

    Select Device > Redirect Floppy/USB Key Image.

  10. With the media removed, reboot the machine.

  11. Open a command line via SSH to the interface IP address (default: 192.168.1.100).

  12. Login with user=tufin-admin, password=admin.

    You will be prompted to set a new password.

  13. Check the TufinOS release.

    [<ADMIN> ~]$ sudo cat /etc/redhat-release
    sudo cat /etc/redhat-release

    For example:

    [tufin-admin@TufinOS ~]$ sudo cat /etc/redhat-release
    TufinOS Linux release 3.90 build <build number> (Final)
  14. Check that the TufinOS supported-tos type is TOS-Aurora.

    [<ADMIN> ~]$ sudo get-supported-tos
    sudo get-supported-tos

    For example:

    [tufin-admin@TufinOS ~]$ sudo get-supported-tos
    TOS-Aurora

For T-1200 / T-800

  1. Configure RMM on Gen 4

  2. Install TufinOS using RMM for Gen 4

  3. Configure TufinOS.

Install TufinOS using RMM on Gen 4 (T-800/T-1200)

  1. Open a browser, enter the RMM IP address and enter username and password to log in.

  2. On the System tab, in the Remote Console Preview area, click on the black area and accept any warning messages until the KVM window appears.

  3. In the KVM window go to Virtual Media > Virtual Storage. click on HD Image in Logical Drive Type and click Open Image.

  4. Select the image file, and click Open.

  5. Click Plug in > OK and confirm that the connection status is OK.

  6. Reboot the appliance.

  7. When prompted, enter the required TufinOS installation method:

    kvm-aurora

  8. Wait for the Image to load then type Continue.

    Starting installer, one moment...
    anaconda 21.-18.22.159-1 for CentOS 7 started.
    * installation log files are stored in /tmp during the installation
    * shell is available on TTY2
    * when reporting a bug add logs from /tmp as separate text/plain attachments
    12:-18:*18 Running pre-installation scripts
    
    	---
    	WARNING: You are about to proceed with the
    	installation of TufinOS on this machine.
    
    	This will result uiith permanent loss of all
    	operating systems, software and data on the
    	machine.
    
    	To abort this process, remove the USB flash drive
    	and restart the machine.
    	---
    
    	Type "continue" or "restart" l->

    The install procedure will continue. If the system issues the message Performing post-installation setup tasks and shortly afterwards starts to reboot, stop the reboot by removing the media as described in the next step below.

    Installing lit op (378/389)
    Installing ncdu (379/389)
    Installing telnet (380/389)
    Instal1ing Arcconf (381/389)
    Installing tree (382/389)
    Installing hdparm (383/389)
    Installing libsysfs (384/389)
    Installing dosfstools (385/389)
    Installing dos2unix (386/389)
    Installing storeli (387/389)
    Installing rootfiles (388/389)
    Installing mailcap (389/389)
    Performing post-installation setup tasks
    Installing boot loader
    .
    Performing post-installation setup tasks
    .
    
    Configuring installed system
    .
    Writing network configuration
    .
    Creating users
    .
    Configuring addons
    .
    Generating initramfs
    .
    Running post-installation scripts
    .
    	Use of this product is subject to the license agreement found at /user/share
    
    	Installation complete. Press return to quit
  9. Watch for the message Running post-installation scripts, after which:

    either the system will start to reboot

    or the following message will be displayed:

    Installation complete. Press return to quit

    When any one of those two events occur, remove the media:

    Select Virtual Media > Virtual Storage > Plug out > OK.

  10. With the media removed, reboot the machine.

  11. Open a command line via SSH to the interface IP address (default: 192.168.1.100).

  12. Login with user=tufin-admin, password=admin.

    You will be prompted to set a new password.

  13. Check the TufinOS release.

    [<ADMIN> ~]$ sudo cat /etc/redhat-release
    sudo cat /etc/redhat-release

    For example:

    $ sudo cat /etc/redhat-release
    TufinOS Linux release 3.90 build <build number> (Final)
  14. Check that the TufinOS supported-tos typeis TOS-Aurora.

    [<ADMIN> ~]$ sudo tos get-supported-tos
    sudo tos get-supported-tos

    For example:

    $ sudo sudo get-supported-tos
    TOS-Aurora

Configure TufinOS

  1. If you want to reset the host name or IP of the machine, do so now. Once TOS Aurora has been installed, changing the host name or IP address will require reinstalling - see Changing IP Address/Host Names. To change the host name, use the command below, replacing <mynode> with your preferred name:

    [<ADMIN> ~]$ sudo hostnamectl set-hostname <mynode>
    sudo hostnamectl set-hostname <mynode>
  2. Configure the server timezone:

    [<ADMIN> ~]$ sudo timedatectl set-timezone <timezone>
    sudo timedatectl set-timezone <timezone>

    where <timezone> is in the format Area/Location. Examples: America/Jamaica, Hongkong, GMT, Europe/Prague.

    To view a list of the time-zone formats that can be used, run:

    [<ADMIN> ~]$ sudo timedatectl list-timezones
    sudo timedatectl list-timezones
  3. Synchronize your machine time with a trusted NTP server. Follow the steps in Configuring NTP Using Chrony. In an HA deployment, all servers need to be synchronized to the same time.

  4. Configure the IP address and DNS, where <Interface Name> is the name of the interface you are using (for example, ens32):

    Use one of these two configuration methods:

    • Method 1: (Recommended) Run this command:

      [<ADMIN> ~]$ sudo nmtui edit <Interface Name>
      sudo nmtui edit <Interface Name>

      and set the following parameters in the window:

      • Set IPv4 CONFIGURATION to Manual
      • Set Addresses for the physical IP, together with the chosen subnet
      • Set Gateway and DNS Servers to the IPs used by your organization
    • Method 2: Edit the configuration files directly:

      1. Edit file /etc/sysconfig/network-scripts/ifcfg-<Interface Name>: For example:

        sudo vi /etc/sysconfig/network-scripts/ifcfg-ens32

      2. Change line BOOTPROTO=dhcp to BOOTPROTO=static

      3. Add entries at the end of the file:

        IPADDR=<NEWIP>
        NETMASK=<MyNetmask>
        GATEWAY=<MyGateway>
        DNS1=<DNS_IP1>
        DNS2=<DNS_IP2>
        IPADDR=<NEWIP> NETMASK=<MyNetmask> GATEWAY=<MyGateway> DNS1=<DNS_IP1> DNS2=<DNS_IP2>

        where

        <NEWIP> is the physical machine IP

        <MyNetmask> , <MyGateway>, <DNS_IP1>, and <DNS_IP2> are the appropriate values for your network

    Restart the network service.

    [<ADMIN> ~]# systemctl restart network
    systemctl restart network

Can I Proceed?

Continue to the next step only if...

  • You have completed the setup described above.