Open Policy Model
Overview
The Tufin Open Policy Model (OPM) is an SDK that allows monitoring firewall devices that are not supported out-of-the-box by TOS Aurora. OPM is an abstraction layer that models device properties, routing, and security policy rules.
To add support for a device that is not supported out-of-the-box, ask your account team to involve Tufin Professional Services. Tufin PS will investigate whether an OPM agent can be developed that identifies the information that TOS Aurora needs in order to see and use your device.
How Does it Work?
The OPM agent serializes relevant device changes and reports them to TOS Aurora. All supported features, such as Rule Viewer, Violations, and Topology, are then available for all OPM-modeled devices.
The OPM architecture includes the device, an OPM Agent, and TOS Aurora.
- Device: Physical device that the customer wants TOS Aurora to monitor, for example a standalone device or a managed device.
- OPM Agent: Software that connects the device to the TOS Aurora server by converting device language to OPM language that TOS Aurora understands.
- TOS Aurora Server: Server where TOS Aurora runs.
To connect an OPM device to SecureTrack, see Device Viewer.
OPM Feature Support
The following table shows the TOS Aurora features that are supported depending on what was developed in the OPM Agent:
Tiers: SecureTrack+, SecureChange+, Enterprise

| Use Case | Features |
|---|---|
| Policy Management | Device Viewer Rule Viewer General Reports |
| Compliance | Permissiveness Violations Best Practices Report |
| Audit | Rule History Business Ownership Report |
| Cleanup | Rule Usage Rule’s Objects Usage Shadowing Rules APG |
| Path Analysis | Network Path Analysis Security Path Analysis |
| Automation Design | Access Request - Adding Access Access Request – Decommissioning Access Modify Group Rule Decommissioning Decommission Network Object Clone Network Object Rule Modification |
| Automation Verification | Access Request - Adding Access Access Request – Decommissioning Access Modify Group Rule Decommissioning Decommission Network Object Clone Network Object Rule Modification |
| Provisioning | |