Open Policy Model

 

Overview

The Open Policy Model (OPM) is Tufin’s device onboarding architecture for adding new devices to TOS. OPM uses device connectors that collect device data and report it into the native TOS architecture. This approach streamlines onboarding and provides a consistent feature set for all supported OPM-based devices.

The connectors can onboard many different kinds of devices, including firewalls, routers, and cloud platforms. They report relevant device information such as interfaces, routes, and policies. After installation on the TOS system, each connector registers automatically so the device can be added and monitored in SecureTrack. OPM device connectors are TOS-version independent. If a specific connector requires a minimum version or has a version-specific dependency, it will be stated in that device’s documentation.

How Does it Work?

OPM device connectors collect device data and report it to the TOS model. The available feature set depends on the information reported by each connector.

Supported OPM Devices

Use the links below to view monitoring instructions and feature support in SecureTrack and SecureChange.

Vendor Related Links
Huawei
Versa
Aruba

Feature Support Matrix

The following table shows the TOS features that are supported depending on what is implemented in the OPM device connector:

For general questions about OPM device support or compatibility, you can contact [email protected]. This is not a support address. For technical issues, contact Tufin Support.

Tier: SecureTrack+, SecureChange+, Enterprise

Use Case: Policy Management, Compliance, Audit, Cleanup, Path Analysis, Automatic Target Selection, Risk Analysis, Automation Design, Automation Verification, Update Device

Features

Device Viewer: supported
Rule Viewer: supported
Permissiveness: supported
Violations: supported
Rule History: supported
Revision History: supported
Rule Usage: not supported
Shadowing Rules: not supported
Includes matching rules: supported
Access Request - automatic target identification based on network topology: supported
Access requests - USP risk assessment: supported
Access Request - Adding Access: supported
Ticket to rule mapping: supported
Access Request – Decommissioning Access: not supported
Access Request - Adding Access: supported
Access Request – Decommissioning Access: supported

check mark