Monitoring Huawei Devices

Overview

The Open Policy Model (OPM) lets you use Tufin to monitor firewall devices that are not supported by default. Tufin provides device connectors that collect the device's configuration and policy data and import it into SecureTrack.

The Huawei device connectors support onboarding Huawei routers and firewalls. SecureTrack connects to these devices over SSH and pulls topology and rule data based on the sync schedule set in Tufin-Integrations.

Prerequisites

Before you begin, make sure:

  • Your system is running TOS R24-2 PHF4 or later

  • You have access to the Customer Portal to download the OPM package

  • You have admin credentials for SecureTrack and SecureChange

  • You have sudo permissions on the TOS machine to run the installer

  • You can upload files to the TOS machine. Recommended path is /opt/misc.

  • The TOS server has either SSH access or HTTP/OAuth port access, depending on the vendor

You do not need to uninstall existing OPM packages before upgrading. The installer detects and upgrades previous versions automatically.

Install the OPM Package

Install the OPM package from the shell on the TOS machine. The steps are the same for new installations and upgrades.

Add a Device

  1. In SecureTrack, go to Monitoring > Devices > Device Viewer.

  2. Click Add Device and select Add OPM Device.

  3. In the ADD OPM DEVICE popup, fill in the following fields:
    Field Name What to Do
    Vendor

    Select the correct vendor from the list.

    This may appear as UNKNOWN if your system is running a version earlier than R24-2 PHF6.

    OPM agent

    Select the registered agent for the vendor.

    This appears only if the agent was installed successfully

    TypeChoose the supported device type from the list, such as Router or Firewall.
    Display nameEnter the name to display in SecureTrack
    IP Enter the IP address of the device.

    • OPM supports both Router and Firewall device types.

    • TOS must have SSH connectivity to the device to retrieve topology and policy information.

Configure Device Properties

After clicking Next, SecureTrack shows additional fields. Fill in the required values below.

  • The SSH user must have admin (read/write) access to the device.

    This allows SecureTrack to retrieve configuration data and run all required commands.

  • For Firewall devices, the user must also be able to switch between virtual systems.

Field Name What to Do

arguments

(optional) Leave blank unless instructed otherwise

enable_pass... (optional) Enter the enable password to switch to system-view mode, if required by the device.
password* Enter the SSH password for the device.
username* Enter the SSH username for the device.

Click Save to finish adding the device.

Tufin-Integrations is the updated web interface for managing OPM devices and other Tufin Integrations. The OPM package installs this interface automatically if it is not already present.

You use this interface to:

  • Assign OPM devices to either the Main server or a Remote Collector (RC)

  • Schedule automatic sync jobs

  • View job history, including results and errors

This interface runs the script that connects to your device, retrieves configuration data (such as interfaces, routes, and rules), and syncs it with TOS. This replaces real-time monitoring with scheduled or manual data collection.

The sync does not happen automatically. The script runs only when triggered manually or by the scheduler.

After running the sync, you can verify that SecureTrack received the device configuration and created a revision.

How Do I Get Here?

SecureTrack > Monitoring > Devices > Device Viewer