Monitoring Versa Networks Devices

Overview

The Open Policy Model (OPM) lets you use Tufin to monitor firewall devices that are not supported by default. Tufin provides device connectors that collect the device's configuration and policy data and import it into SecureTrack.

The Versa device connectors support onboarding Versa Directors using HTTP API and OAuth authentication. SecureTrack pulls topology and rule data from the Director on a defined schedule, based on sync settings in Tufin Integrations.

The Versa integration is supported only with Versa Director version 22.X or later.

Prerequisites

Before you begin, make sure:

  • Your system is running TOS R24-2 PHF4 or later

  • You have access to the Customer Portal to download the OPM package

  • You have admin credentials for SecureTrack and SecureChange

  • You have sudo permissions on the TOS machine to run the installer

  • You can upload files to the TOS machine. Recommended path is /opt/misc.

  • The TOS server has either SSH access or HTTP/OAuth port access, depending on the vendor

  • If you are installing the OPM agent on a non-TufinOS system, make sure the python3 and bzip2 packages are installed.

You do not need to uninstall existing OPM packages before upgrading. The installer detects and upgrades previous versions automatically.

Install the OPM Package

Install the OPM package from the shell on the TOS machine. The steps are the same for new installations and upgrades.

Add a Device

  1. In SecureTrack, go to Monitoring > Devices > Device Viewer.

  2. Click Add Device and select Add OPM Device.

  3. In the ADD OPM DEVICE popup, fill in the following fields:

    Field Name What to Do
    Vendor

    Select Versa Networks from the list.

    This may appear as UNKNOWN if your system is running a version earlier than R24-2 PHF6.

    OPM agent

    Select Tufin-Versa-Networks.

    This appears only if the agent was installed successfully.

    Type Select Director from the list.
    Display name Enter the name to display in SecureTrack
    IP Enter the IP address of the device.

  4. Click Next.

Configure Device Properties

After clicking Next, SecureTrack shows additional fields. Fill in the required values below.

Field Name What to Do
API port Enter the port used to connect to the Versa Director REST API. Default is 9182.
OAuth authenticate port Enter the port used for OAuth authentication. Default is 9183.
OAuth client ID* Enter the client ID provided by your administrator.
OAuth client secret*

Enter the secret provided with your client ID.

See how to create OAuth credentials in the Versa Director REST API.

Username* Enter the API username.
Password* Enter the API user password.

Click Save to finish adding the device.

TOS must have connectivity to both TCP 9182 and 9183 ports on the Versa Director.

Use Tufin Integrations to configure how SecureTrack syncs with your OPM-managed device. This includes assigning the device to a cluster, scheduling sync jobs, and reviewing job history.

Tufin Integrations is the updated web interface for managing OPM devices. The OPM package installs this interface automatically if it is not already present.

When configuration is complete, SecureTrack runs a script that connects to the device, retrieves configuration data (such as interfaces, routes, and rules), and imports it into SecureTrack. This process replaces real-time monitoring with scheduled or manual data collection.

The sync does not happen automatically. The script runs only when triggered manually or by the scheduler.

After running the sync, you can verify that SecureTrack received the device configuration and created a revision.

How Do I Get Here?

SecureTrack > Monitoring > Devices > Device Viewer