USP Viewer

Overview

You use the USP Viewer to create, view, modify, and delete Unified Security Policies (USPs). You can build new USPs from scratch, use a predefined template, or use Security Policy Builder (SPB).

SPB is a Tufin extension that analyzes rules to build and maintain USPs. For more information, see the Security Policy Builder Knowledge Center.

Before you create a new USP, make sure all the required zones have been created (see Network Zones); zones can be added or removed later.

Compliance Templates

SecureTrack includes predefined USP templates based on network segregation, as specified in common regulations and standards. These include PCI-DSS, ISO 27001, NERC CIP, NIS 800-53 and custom best practices and let you define a connectivity policy on your network.

What Can I Do Here?

Create a USP Zone From Scratch

  1. Click +ADD USP. The Create USP dialog appears.

  2. If you want to use SPB to build your USP, click Security Policy Builder.

    • If SPB is already installed, the extension opens automatically.

    • If SPB is not yet installed, the Tufin Extensions website opens where you can download it.

  3. Enter the USP name.

  4. Select domain - available only when you are authorized to two or more domains.
  5. To add zones, click one or more zones in the Available Zones window and then click > or click >> to move all zones. Press and hold the Ctrl or Shift keys for multiple selection.

  6. To remove zones, click one or more zones in the Selected Zones window and then click > or click >> to remove all zones. Press and hold the Ctrl or Shift keys for multiple selection.

    By default, there is a maximum of 100 zones in a USP. If you need a USP with more than 100 zones, contact Tufin support.

  7. After you have added zones to the USP, you can set the policy for each zone .

  8. (optional) Enter the USP description.

  9. Click Create.

Edit a USP

Add or remove zones in the USP. To set or change the policy between zones, see USP Builder.

  1. Select the check box for the USP and click Actions > Edit USP.

  2. Change the USP name, domain (if you have authorization to multiple domains), and description as required.

  3. To add zones, click one or more zones in the Available Zones window and then click > or click >> to move all zones. Press and hold the Ctrl or Shift keys for multiple selection.

  4. To remove zones, click one or more zones in the Selected Zones window and then click > or click >> to remove all zones. Press and hold the Ctrl or Shift keys for multiple selection.

    By default, there is a maximum of 100 zones in a USP. If you need a USP with more than 100 zones, contact Tufin support.

  5. Click Save.

See also Exporting and Importing USPs.

Open a USP in SPB

You can use SPB to modify your USP.

  • Select the check box for the USP and click Actions > Security Policy Builder.

    • If SPB is already installed, the extension opens automatically.

    • If SPB is not yet installed, the Tufin Extensions website opens where you can download it.

Filter the Displayed USPs

Filter the USPs listed using TQL.

Sort Field (can order by)

  • Name

All Fields

Field Name Description Field Type / Example Values

appliedToAnyDomain

True: Select only USPs that apply to all domains

False: Select only USPs that don't apply to all domains

True, False

description

USP Description

String

domain.name

Select only USPs to which this domain has been assigned

String

name

USP Name

String
zones.name

Name of a zone in the USP

String

Example

name contains 'usp1' and zones.name contains 'zone2'

Delete USPs

Select the check box for one or more USP cards and click Actions > Delete USP.

How Do I Get Here?

SecureTrack > Browser > USP Viewer.