Supported Devices and Platforms

The listings below are applicable to the latest hotfix available for this release.

You can configure SecureTrack to monitor and analyze these devices:

Amazon AWS

Amazon AWS EC2

Check Point

Any gateway that is connected to these devices:

Domains (CMA and SmartCenter)

R81.20
R81.10 (with Check Point API version 1.8)
R81 GA (with Check Point API version 1.7)
R81 (with Check Point API version 1.7)
R80.40 (with Check Point API versions 1.5 and 1.6)
R80.30 (with Check Point API versions 1.4 and 1.5)
R80.20 (with Check Point API versions 1.1 and 1.4)
R80.10 Jumbo Hotfix T70 and above
R80

Multi-Domain Security Management (MDS , Provider-1)

R81.20
R81.10 (with Check Point API version 1.8)
R81 GA (with Check Point API version 1.7)
R81 (with Check Point API version 1.7)
R80.40 (with Check Point API versions 1.5 and 1.6)
R80.30 (with Check Point API versions 1.4 and 1.5)
R80.20 (with Check Point API versions 1.1 and 1.4)
R80.10 Jumbo Hotfix T70 and above
R80

Smart-1 Cloud

All Gateways

VSX

Edge Devices

VPN-1 VSX Virtual Edition (VE) Edge

Check Point CloudGuard integration with Azure, Amazon AWS, Cisco ACI, and VMware NSX

Cisco

Application Centric Infrastructure (ACI) - Cisco Application Policy
Infrastructure Controller (APIC)

6.0
5.2
5.1
4.2
4.0

ASA

9.18
9.13 (from version 8.3 includes forward reference support and Virtual Contexts)
9.2- 9.9
9.1

FWSM

5 (including Virtual Contexts)
4

FWSM devices are supported, but not shown in the Rule Viewer

ASR9000/CRS

IOS-XR 5.1.1

Nexus

7.0
6.2.1
switch Nexus 1000v versions 4.2 and 5.1

Switches and Routers

IOS

12.1

12.2(44)se5

15.1(4)m2

IOS XE

17.3

IOS-XE SD-WAN (Viptela cEdge)

17.03.04

16.12.05

IOS XR

7.5.x

Firewall Management Center (FMC) (formerly Firepower)

7.4
7.3
7.2.x
7.0.x
6.3 - 6.7
  • Firewall Threat Defense is supported via Firewall Management Center

Meraki Dashboard

Meraki Dashboard API 1.28.0 is fully supported.

MX Firewall
Z-series (Teleworker gateway) Firewall

F5

F5 devices are supported, but not shown in the Rule Viewer

BIG-IP Local Traffic Manager

17.0.x
16.1.x
15.1(iApps are not supported for all versions)
14.1
13.1

BIG-IP Local Traffic Manager

9.4.2 and above (Supported with preinstalled TOP plugin only)

Forcepoint (formerly Stonesoft)

Sidewinder (formerly Firewall Enterprise)

8.3

SMC

7.1.1 (Supports API versions 6.10)

7.1 (Supports API versions 6.10 and 7.0)

7.0 (SMC 7.0 and above supports API version 7.0)

6.10

6.9 (SMC 6.9 and above supports API version 6.8)
6.8
6.7
6.5
6.4 (SMC 6.4 through 6.8 supports API version 6.4 and 6.5)
6.3
6.1
5.10 (SMC 5.10 through SMC 6.3 supports API version 5.10 )
5.6 - 5.9

Fortinet

FortiGate

7.4.x (Fortinet Manager required for IPv6 support)
7.2.x (Fortinet Manager required for IPv6 support)
7.0.x (Fortinet Manager required for IPv6 support)
6.4.x
6.2
6.0.x
5.6.x

FortiManager

Only Profile-based NGFW mode is supported.

7.4.x
7.2,x
7.0.x
6.4.x
6.2.x
6.0.x
6.0.x
5.6.x
5.4.x
5.2.x
5.0.x

Google Cloud

GCP Project

GCP Projects and GCP VPCs are supported.

Juniper

NetScreen

SSG 6.3
ISG 6.3 (All versions include Virtual Systems)

SRX

22-1R1 (Syslog configuration required for Logical Systems)
21.2R3
20.4R3
19.4 (All versions include Logical Systems)
19.4 (All versions include Logical Systems)
15.1
12.3x48
12.1
10.4

M/MX

19.4 R3-S1.3
16.1 R4 (All versions support stateful policies, they do not support stateless filters)
13.3 R10.2
12.3

Microsoft Azure

Azure Resource Manager

Azure Resource Manager is supported, but not shown in the Rule Viewer

Azure Firewall Standard

Azure Firewall Premium

Palo Alto Networks

Panorama devices and PanOS firewalls

11.1.x
11.0.x
10.2.x
10.1.x
10.0.x
9.1.x
9.0.x (includes NSX-v support for SecureTrack)
8.1.x

Panorama Basic devices are supported, but not shown in the Rule Viewer

Prisma Access (managed by Panorama)

Symantec (formerly Blue Coat)

SGOS

5.3.2.1
6.7.1.1 (Supported with preinstalled TOP plugin only)

Proxy AV/SG

400 (Supported with custom TOP plugin only)

Blue Coat support will not be affected after R25-1/R25-2 when new vendors cannot be added using TOP plugins (see Removed Features).

VMware

VMware NSX-V

As part of an End of Life process, support for this device is limited in TOS Aurora. For details, see Release Notes.
6.4.9
6.4.6
6.4.4
6.4.0

VMware NSX-T and VMC

4.1 (Change accountability supported)
4.0 (Change accountability is not supported)
3.2.x
3.1
3.0

Notes for VMware NSX-T

  • When you upgrade to R23-2 and later, TOS updates certain APIs which don't align with VMware's current best practices for NSX-T devices. If imported logical routers are disconnected at the time of the upgrade, TOS will not be able to replace the old deprecated APIs with the new ones. If this occurs, the imported logical routers will appear in the Manage Devices page with the text "Unavailable." TOS will not be able to receive revisions from unavailable logical routers. If this occurs, check your device connectivity and reconnect if necessary. TOS will try to reach the device every day for 14 days. If the device is still unavailable after 14 days, please contact Tufin Support.

vCenter

7.0
6.5

Zscaler

Internet Access (ZIA) Cloud Firewall