Starting from R23-1 PGA.0.0., Check Point OpenStack devices will no longer be supported by Tufin Orchestration Suite.

Adding OpenStack Devices

TOS Classic monitors the OpenStack platform for policy revision changes. To help you organize the information for your devices, you can use the device information worksheet. To see which TOS features are supported for your device, review the feature support table.

TOS Classic and the monitored devices must be synchronized with the correct date and time, either manually or automatically. We recommend that you also configure the devices to resolve DNS queries.

Monitor a OpenStack Device

To configure TOS Classic to monitor the policy revisions of a OpenStack device:

  1. In TOS Classic, go to Settings >  Monitoring > Manage Devices.

  2. Select the appropriate device type:

    Add Devices

  3. Configure the device settings:

    • Name for Display

    • Domain: Available only if you have configured your system for managing multi-domains and All Domains is currently selected. Select the domain to which to add the device. The Domain can only be entered when adding a device; to change the Domain, you must migrate the device.

    • Keystone IP Address: Enter the IP address of your OpenStack platform.

    • ST server: In a distributed deployment, the OpenStack platform must be monitored by the Central server.

    Click Next.

  4. Configure the TOS Classic connection to the OpenStack device, according to the parameters required by the device:

    1. Enter the user name of the OpenStack user that has permission to retrieve the policies.

      The user can be a admin or a project member with read/write permissions.

    2. Enter and confirm the password of the OpenStack user.

    3. Select to connect to OpenStack over http or https.

    4. If your OpenStack system uses a custom port for connections, enter the Keystone port number.

    5. Click Next.

  5. In Monitoring Settings, do one of the following:

    • To use real-time monitoring and timing settings from the Timing page, select Default.

    Otherwise, select Custom and configure the monitoring mode and settings.

    Real-Time Monitoring: Applies only if syslogs Sending Additional Information via Syslog) are configured. Select Custom settings and configure:

    • 'Install policy' interval: When two or more Install Policy events for the same policy occur within this time interval, TOS Classic combines the events into a single Install Policy revision (Default: 60 seconds)

    • Automatic fetch frequency: Frequency (in minutes) for automatic fetch 

    • Periodic Polling, select Custom settings and configure the Polling frequency: How often TOS Classic fetches the configuration from each device.

      If you select 1 day, you can then select the exact time (hour and minute) for the daily polling.

    Click Next

  6. Save the configuration.

    The OpenStack device now appears in the Monitored Devices tree.

  7. To manually add Virtual Cloud Projects to your device, wait for a revision to be received from the device (you can see the revision in Compare view). This may take several minutes. Then, add the Virtual Cloud Projects:

    1. In the Monitored Devices tree, select the device.

    2. Click Import Virtual Cloud Projects (only enabled for Manual Import):

    3. Select all the Virtual Cloud Projects to be added.

      If the option to collect rule and object usage statistics for virtual contexts is available, it is enabled.

      If you do not want to collect these statistics, clear the options before you import the virtual contexts.

  8. Click Save.

How Do I Get Here?

In TOS Classic, go to Settings >  Monitoring > Manage Devices.