Managing Devices in TOS Aurora

Adding a physical or virtual firewall device to TOS Aurora adds the device to the list of Monitored Devices and gives you visibility into the device's policy and revisions.

Only SecureTrack Administrators can add and manage devices. If you have configured your system for multi-domain management, devices can be added by Multi-Domain Administrators in a selected domain, or by Super Administrators either in a selected domain or when All Domains is selected.

Devices are added by default to the Central Cluster. If you are running a distributed deployment, you can choose whether to attach the devices to the Central Cluster, or to a Remote Collector. Later, you can choose whether to migrate the device (or the device group) to a different cluster.

SecureTrack automatically attaches new devices to an available license component (SKU), the one with the longest duration. If there is an available perpetual license, SecureTrack will attach the device to that license. If not, SecureTrack will choose the subscription license with the latest expiration date. If there is no available license, the device will be considered Plug and Play, and you will have 30 days to contact Tufin and purchase a license for your device. When you disable devices, their attached SKUs become available and you can use them with other devices.
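The selection order described above can be modeled in a few lines to predict which SKU a new device will consume. This is an added example, not Tufin code or a TOS Aurora API. The `Sku` class, the function names and the sample SKU identifiers are hypothetical, and "available" is assumed to mean "not currently attached to a device".

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

GRACE_DAYS = 30  # Plug and Play period stated on this page


@dataclass
class Sku:
    sku_id: str                      # constructed identifier, not a real SKU
    expires: Optional[date] = None   # None models a perpetual license
    device: Optional[str] = None     # device currently attached, if any


def pick_sku(skus):
    """Return the free SKU with the longest duration, or None if none is free."""
    free = [s for s in skus if s.device is None]  # assumption: free == available
    perpetual = [s for s in free if s.expires is None]
    if perpetual:
        return perpetual[0]
    # No perpetual license left: the latest expiration date wins.
    return max(free, key=lambda s: s.expires, default=None)


def add_device(skus, device, today):
    """Attach a device; return (sku_id, plug_and_play_deadline)."""
    sku = pick_sku(skus)
    if sku is None:
        # No license available: the device is Plug and Play for 30 days.
        return None, today + timedelta(days=GRACE_DAYS)
    sku.device = device
    return sku.sku_id, None


def disable_device(skus, device):
    """Disabling a device frees its SKU for use with other devices."""
    for s in skus:
        if s.device == device:
            s.device = None
            return s.sku_id
    return None
```

Running it over a pool with one perpetual and two subscription SKUs shows the perpetual license being used first, then the subscriptions from latest to earliest expiration, and finally the 30-day Plug and Play deadline once the pool is exhausted.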

You can install devices from the manufacturers listed below using a simple wizard. The wizard will prompt you for required device information such as the device type, IP address, user name, and password. The required information is different for each device type. Click on a link below to view details of the process for that device type.

All devices need to use TLS 1.2. SecureTrack will not retrieve revisions from devices that use TLS 1.0 or 1.1.

You can only add, edit, or delete TOS Aurora entities (such as devices, users, and rules) using the TOS Aurora user interface or API commands. Using any other method may cause data corruption that will necessitate a restore of your data.

For a list of supported devices, see Supported Devices and Platforms.

Monitor Vendor Devices

TOS Aurora uses a few different technologies to monitor each vendor's devices:

  • Cisco Routers/Switches/ASA firewalls, Fortinet, and Juniper: By default, TOS Aurora uses periodic polling, where TOS Aurora connects to each firewall or network device using SSH according to a configurable frequency (by default, 5 minutes) and retrieves its configuration. TOS Aurora can also be configured as a Syslog server for the monitored devices to provide real-time monitoring.

  • Palo Alto Networks, Cisco FMC, Fortinet FortiManager, and VMware NSX: TOS Aurora connects to each firewall or network device via the REST API, according to a configurable frequency (by default, 5 minutes), and retrieves its configuration. TOS Aurora can also be configured as a Syslog server for the monitored devices to provide real-time monitoring.

  • Check Point: TOS Aurora uses Check Point OPSEC™ (Open Platform for Security) to track all the changes made by administrators to Check Point management servers (CMAs, Provider-1 MDSs, and SmartCenters). Whenever an administrator saves or installs a policy, TOS Aurora is immediately notified of the change via LEA logs. A secure OPSEC connection is then used to retrieve the new security policy. When a Check Point management server contains multiple policy packages, TOS Aurora records all packages with each revision. As an alternative to LEA logs, TOS can be notified of changes via Syslog for real-time monitoring. See Configuring Check Point Syslogs.

  • Microsoft Azure, Amazon AWS, Google Cloud, Zscaler ZIA cloud firewall, and Cisco Meraki: TOS Aurora connects to each platform via the REST API, according to a configurable frequency (by default, 5 minutes), and retrieves its configuration.