On This Page
USP Viewer
Overview
You use the USP Viewer to create, view, modify, and delete Unified Security Policies (USPs). You can build new USPs from scratch, use a predefined template, or use Security Policy Builder (SPB).
SPB is a Tufin extension that analyzes rules to build and maintain USPs. For more information, see the Security Policy Builder Knowledge Center.
Before you create a new USP, make sure all the required zones have been created (see Network Zones); zones can be added or removed later.
Compliance Templates
SecureTrack includes predefined USP templates based on network segregation, as specified in common regulations and standards. These include PCI-DSS, ISO 27001, NERC CIP, NIS 800-53 and custom best practices and let you define a connectivity policy on your network.
What Can I Do Here?
- Create a USP from scratch
- Create a USP from a template - Click +ADD UNIFIED SECURITY POLICY and select the appropriate template.
- Edit a USP
- Open the USP in SPB
- Filter the displayed USPs
- View a selected USP
- Delete USPs
Create a USP Zone From Scratch
-
Click +ADD USP. The Create USP dialog appears.
-
If you want to use SPB to build your USP, click Security Policy Builder.
-
If SPB is already installed, the extension opens automatically.
-
If SPB is not yet installed, the Tufin Extensions website opens where you can download it.
-
-
Enter the USP name.
- Select domain - available only when you are authorized to two or more domains.
-
To add zones, click one or more zones in the Available Zones window and then click > or click >> to move all zones. Press and hold the Ctrl or Shift keys for multiple selection.
-
To remove zones, click one or more zones in the Selected Zones window and then click > or click >> to remove all zones. Press and hold the Ctrl or Shift keys for multiple selection.
By default, there is a maximum of 100 zones in a USP. If you need a USP with more than 100 zones, contact Tufin support.
-
After you have added zones to the USP, you can set the policy for each zone .
-
(optional) Enter the USP description.
-
Click Create.
Edit a USP
Add or remove zones in the USP. To set or change the policy between zones, see USP Builder.
-
Select the check box for the USP and click Actions > Edit USP.
-
Change the USP name, domain (if you have authorization to multiple domains), and description as required.
-
To add zones, click one or more zones in the Available Zones window and then click > or click >> to move all zones. Press and hold the Ctrl or Shift keys for multiple selection.
-
To remove zones, click one or more zones in the Selected Zones window and then click > or click >> to remove all zones. Press and hold the Ctrl or Shift keys for multiple selection.
By default, there is a maximum of 100 zones in a USP. If you need a USP with more than 100 zones, contact Tufin support.
-
Click Save.
See also Exporting and Importing USPs.
Open a USP in SPB
You can use SPB to modify your USP.
-
Select the check box for the USP and click Actions > Security Policy Builder.
-
If SPB is already installed, the extension opens automatically.
-
If SPB is not yet installed, the Tufin Extensions website opens where you can download it.
-
Filter the Displayed USPs
Filter the USPs listed using TQL.
Sort Field (can order by)
-
Name
All Fields
Field Name | Description | Field Type / Example Values |
---|---|---|
appliedToAnyDomain |
True: Select only USPs that apply to all domains False: Select only USPs that don't apply to all domains |
True, False |
description |
USP Description |
String |
domain.name |
Select only USPs to which this domain has been assigned |
String |
name |
USP Name |
String |
zones.name |
Name of a zone in the USP |
String |
Example
name contains 'usp1' and zones.name contains 'zone2'
Delete USPs
Select the check box for one or more USP cards and click Actions > Delete USP.
How Do I Get Here?
SecureTrack > Browser > USP Viewer.