Monitoring Versa Networks Devices

Overview

The Open Policy Model (OPM) lets you use Tufin to monitor firewall devices that are not supported by default. Tufin provides device connectors that collect the device's configuration and policy data and import it into SecureTrack.

The Versa device connectors support onboarding Versa Directors using HTTP API and OAuth authentication. SecureTrack pulls topology and rule data from the Director on a defined schedule, based on sync settings in Tufin Integrations.

Prerequisites

Before you begin, make sure:

  • Your system is running TOS R24-2 PHF4 or later

  • You have access to the Customer Portal to download the OPM package

  • You have admin credentials for SecureTrack and SecureChange

  • You have sudo permissions on the TOS machine to run the installer

  • You can upload files to the TOS machine. Recommended path is /opt/misc.

  • The TOS server has either SSH access or HTTP/OAuth port access, depending on the vendor

You do not need to uninstall existing OPM packages before upgrading. The installer detects and upgrades previous versions automatically.

Install the OPM Package

Install the OPM package from the shell on the TOS machine. The steps are the same for new installations and upgrades.

Add a Device

  1. In SecureTrack, go to Monitoring > Devices > Device Viewer.

  2. Click Add Device and select Add OPM Device.

  3. In the ADD OPM DEVICE popup, fill in the following fields:

    Field Name What to Do
    Vendor

    Select Versa Networks from the list.

    This may appear as UNKNOWN if your system is running a version earlier than R24-2 PHF6.

    OPM agent

    Select Tufin-Versa-Networks.

    This appears only if the agent was installed successfully.

    Type Select Director from the list.
    Display name Enter the name to display in SecureTrack
    IP Enter the IP address of the device.

  4. Click Next.

Configure Device Properties

After clicking Next, SecureTrack shows additional fields. Fill in the required values below.

Field Name What to Do
API port Enter the port used to connect to the Versa Director REST API. Default is 9182.
OAuth authenticate port Enter the port used for OAuth authentication. Default is 9183.
OAuth client ID* Enter the client ID provided by your administrator.
OAuth client secret* Enter the secret provided with your client ID.
Username* Enter the API username.
Password* Enter the API user password.

Click Save to finish adding the device.

TOS must have connectivity to both TCP 9182 and 9183 ports on the Versa Director.

Tufin-Integrations is the updated web interface for managing OPM devices and other Tufin Integrations. The OPM package installs this interface automatically if it is not already present.

You use this interface to:

  • Assign OPM devices to either the Main server or a Remote Collector (RC)

  • Schedule automatic sync jobs

  • View job history, including results and errors

This interface runs the script that connects to your device, retrieves configuration data (such as interfaces, routes, and rules), and syncs it with TOS. This replaces real-time monitoring with scheduled or manual data collection.

The sync does not happen automatically. The script runs only when triggered manually or by the scheduler.

After running the sync, you can verify that SecureTrack received the device configuration and created a revision.

How Do I Get Here?

SecureTrack > Monitoring > Devices > Device Viewer