Browse the Knowledge Center
Upgrade to TOS R18-3
What's New in Tufin Orchestration Suite R18-3?
Change Automation and Orchestration
Security, Risk, and Compliance
Devices and Platforms
REST API
Third Party and Open Source Software (OSS)
Document Version Information
Tufin Orchestration Suite
Requirements and Pre-Installation
Hardware Requirements
Supported Devices and Platforms
Operating System Requirements
Preparing the Operating System
Setting up TufinOS
Setting up a non-TufinOS Linux OS
Preparing the Network Environment
SecureTrack Ports and Services
SecureChange Ports and Services
Installing TOS
Deployment
High Availability
High Availability Scenarios
Single Server
Separate Servers for SecureTrack and SecureApp/SecureChange
Distributed Architecture with Distribution Servers
Distributed Architecture with Remote Collectors
High Availability Deployment Configurations
Single Management with Dual Heartbeat
Single Management with Dual Heartbeat and Dedicated Database Sync
Dual Management with Dual Heartbeat
Dual Management with Single Heartbeat and Dedicated Database Sync
Setting Up High Availability
Sample hactl script
Managing High Availability
View Status
Force Failover
Recovery
Remove High Availability
Secret Token
Distributed Architecture
How Distributed Architecture Works
Planning a Distributed Deployment
Setting up a Distributed Deployment
Removing a Component from a Distributed Deployment
Changing IP Addresses in a Distributed Deployment
Multi-Domain Management
Configuring Domains
Enabling Multi-Domain in SecureChange
Enabling Multi-Domain in SecureApp
Monitoring and Maintenance
SNMP Monitoring
Enable SNMP on TufinOS
TOS Suite Administration
Enable/Disable Suite Administration
Enable/Disable Suite Administration - Sample Code
Enable/Disable SecureTrack or SecureChange
Configure SNMP Settings
Configure SNMP Settings - Sample Code
Tufin SNMP Suite Administration Messages
Configure Thresholds and Services
Configure Thresholds and Services - Sample Code
Manage Recipient List for Notifications
Manage Recipient List for Notifications - Sample Code
Configure SMTP Settings
Configure SMTP Settings - Sample Code
Extend SNMP in Suite Administration
Generating Graphical Display of Monitored Data
Backup and Restore
Configuration-only vs. Full Backup
Backing up TOS
Restoring TOS from a Backup
Verifying TOS Backups
Migrating TOS
Upgrading TOS
Determining Your Upgrade Path
Upgrading a Distributed Deployment
Upgrading TOS in High Availability
Upgrading TufinOS in High Availability
Upgrading TufinOS for HA
Upgrading TufinOS for HA - Automatic Failover
Upgrading TufinOS for HA - Manual Failover
Upgrading TufinOS
Upgrading SSL Certificates to SHA-2
Upgrading TLS to TLSv1.2
Uninstalling TOS
Create a New SecureTrack Administrator Username
Ensuring TOS Management Commands Run To Completion
SecureTrack User Guide
Tufin Orchestration Suite (TOS) - SecureTrack
SecureTrack Capabilities
Device Monitoring
Working with SecureTrack
Dashboard View
Compare View
Analyze View
Audit View
Report View
Network View
Settings View
SecureTrack Features by Vendor
Amazon
Check Point
Cisco
F5
Forcepoint
Fortinet
Juniper
Microsoft Azure
OpenStack
Palo Alto Networks
VMware NSX
Users and Permissions
The Default User Scheme
The Multi-Domain User Scheme
Contexts in Multi-Domain Management
Administrative Supervision
Getting Started with SecureTrack
Logging into SecureTrack
The SecureTrack Setup Wizard
Additional Initial Configuration
Managing Device Connections
Managing Monitored Devices
Managing Devices in a Distributed Deployment
Adding Devices to SecureTrack
Adding Amazon AWS Cloud Platform
Amazon AWS AssumeRole Support
Adding Blue Coat Devices
Adding Check Point Devices
Adding Check Point R7x Management and MDS Devices
Adding Check Point R80.x Management Devices
Adding Check Point R80.x MDS Devices
Enabling the API Software Blade
CP Management API
Adding Check Point R80.x CMA Devices
Adding Check Point R80.x SmartCenter Server Devices
Adding Check Point CLM/Log Server Devices
Upgrading to Check Point R80 Support
Troubleshooting: Check Point R80 - "CheckPoint API client error"
Managing Devices in Domains
Firewall OS Monitoring
Using Firewall OS Monitoring
Performance Monitoring
Performance Alerts
Configuring Check Point Firewall OS Monitoring
Configuring SecurePlatform and Crossbeam OS Monitoring
Configuring Nokia IPSO OS Monitoring
Configuring GAiA and Gateway OS Monitoring
Configuring Check Point Server for OPSEC Communication
Adding Devices Configured for High Availability
LEA Monitoring
Configuring SNMP to Use SHA Authentication
Adding Cisco Devices
Adding Cisco ASA Firewall Devices
Adding Cisco PIX Firewall Devices
Adding Cisco FWSM Firewall Devices
Adding Cisco Router Devices
Adding Cisco XR Router Devices
Adding Cisco Switch Devices
Using Cisco Switch Monitoring
Adding Cisco Nexus Switch Devices
Adding Cisco L3 Switch Devices
Adding Cisco Security Manager (CSM) Devices
Adding Cisco Firepower Management Center (FMC) Devices
Adding Cisco ACI as a Device in TOS
Adding F5 BIG-IP Devices
Adding Forcepoint Devices
Adding Forcepoint Stonesoft Management Center (SMC) Devices
Adding Forcepoint Firewall Enterprise Devices
Adding Fortinet Devices
Adding Fortinet Firewall Devices
Adding Fortinet FortiManager Devices
Adding IPtables Devices
Adding Juniper Devices
Adding Juniper Firewall Devices
Adding Juniper NSM Devices
Configuring Juniper SRX Logging
Adding Microsoft Azure Cloud Platform
Check Azure Active Directory permissions
Create a Tufin application in Azure Active Directory
Get application ID and authentication key
Get tenant ID
Assign Tufin application to Reader role
Adding TOP Devices
Installing a TOP Plugin
Adding OpenStack Devices
Adding Palo Alto Devices
Adding Palo Alto PanOS Firewall Devices
Adding Palo Alto Panorama Devices
Adding VMware NSX Cloud Platform
Tracking Unlogged Rules
Creating Read-only Accounts for NSX Devices
Define Internet Object
Managing Device Groups
Configuring Devices to Send Logs
Configuring Check Point Syslogs
Create a Server Certificate for NGINX on the Tufin server
Configure NGINX for mutual TLS authentication
Create a client certificate for log_exporter on the Check Point server
Modify the log_exporter configuration
Configuration Example
Additional Information
Retrieving the Check Point Audit Log
Configuring Cisco Syslogs
Configuring a Cisco ASA to Send Syslogs
Configuring a Cisco PIX to Send Syslogs
Configuring a Cisco IOS Router or Switch to Send Syslogs
Configuring a Cisco Nexus Switch to Send Syslogs
Configuring a Cisco FMC to Send Syslogs
Configuring Fortinet Syslogs
Configuring a Fortinet Firewall to Send Syslogs
Configuring a Fortinet FortiManager to Send Syslogs
Configuring Juniper Syslogs
Configuring a Juniper Netscreen device to Send Syslogs
Configuring a Juniper JunOS device to Send Syslogs
Configuring the NSM to Send Syslogs
Configuring VMware Syslogs
Configuring a VMware NSX device to Send Syslogs
Configuring an External Device for VMware NSX Syslogs
Configuring Palo Alto Syslogs
Panorama 8.x Log Forwarding and Accountability
Panorama 6.x-7.x Log Forwarding and Accountability
Verifying Communication
Offline Analysis
Configuring a Device for Offline Analysis
Obtaining a Policy Configuration File for Offline Analysis
Uploading a Policy Configuration for Offline Analysis
Dashboard and Browsers
SecureTrack Dashboard
Risk Charts
Viewing Security Score and Risk Charts
Change Charts
Cleanup Charts
Viewing Optimization Score and Cleanup Charts
Risk Browser
Risk Configuration
Removing Risks
Editing Risks
Setting Network Types for Risky Rules
Change Browser
Cleanup Browser
CSV Format for Cleanup Instances
Cleanup Configuration
Removing Cleanups
Editing Cleanups
Violations Browser
Violations Browser Summary
Violating Rules
Navigate To Violations Browser
Policy Browser
Viewing Policy Browser
Viewing General, Violation and Shadowing Information
Searching in Policy Browser
Recertifying Rules
Decommissioning Rules
Reviewing Selected Rules
Editing Rule Metadata
Comparing Revisions
Compare View
Viewing the Revision History
Understanding Revisions
Filtering for Revisions
Viewing Policies
Understanding Policies
Exporting Policies
Cisco Router and Switch Monitoring Overview
Using Cisco Switch Monitoring
Comparing Policy Revisions
Side-by-Side Comparison
Generating a Comparison Report
Analyzing Policies
Policy Analysis
How Policy Analysis Works
Rule Shadowing
Creating a Policy Analysis Query
Scheduling a Policy Analysis Report
Object Lookup
Automatic Policy Generation
How APG Works
Getting Logs for APG
Getting Log Files for Upload
Getting Check Point Logs for Upload
Creating an APG Job
Configuring APG Job Results
Viewing and Exporting APG Job Results
APG Customization
APG Customization XML Syntax
Auditing and Compliance
Best Practice Audits
Creating a Best Practices Audit
Scheduling a Best Practices Audit Report
Regulations Audit Browser
Auditing Compliance with Regulations
Configuring Regulation Audit Profiles
Excluding Rules from Regulations Audits
PCI DSS Tests
Build and Maintain a Secure Network
PCI DSS 1.1.1
PCI DSS 1.1.4
PCI DSS 1.1.5
PCI DSS 1.1.6
PCI DSS 1.2.1
PCI DSS 1.2.3
PCI DSS 1.3.1
PCI DSS 1.3.2
PCI DSS 1.3.3
PCI DSS 1.3.4
PCI DSS 1.3.5
PCI DSS 1.3.6
PCI DSS 1.3.7
PCI DSS 2.2.1
PCI DSS 2.2.2
PCI DSS 2.2.3
Maintain a Vulnerability Management Program
PCI DSS 6.1
Regularly Monitor and Test Networks
PCI DSS 11.2
SOX Tests
COSO Risk Assessment Component
COBIT PO9 - Assess and Manage IT Risks
COBIT ME4.5 - Risk Management
COSO Control Activities Component
COBIT AI2 - Acquire and Maintain Application Software
COBIT AI4 - Enable Operation
COBIT AI6 - Manage Changes
COBIT DS1 - Define and Manage Service Levels
COBIT DS5 - Ensure Systems Security
COBIT DS8 - Manage Service Desk and Incidents
COBIT DS9 - Manage the Configuration
COBIT DS10 - Manage Problems
COSO Monitoring Component
COBIT ME1 - Monitor and Evaluate IT Performance
COBIT ME2 - Monitor and Evaluate Internal Control
COBIT ME3 - Ensure Compliance With External Requirements
Security and Compliance Policies
Unified Security Policy
Working with Security Zone Matrices
Preparing a Security Zone Matrix File
Sample Security Zone Matrix CSV File
List of Tufin Predefined Services
Importing a Security Zone Matrix
Adding Security Zones
Navigate To USP Listing
Configure Device and Interface Preferences
Navigate To - USP Matrix
Working with Cloud Tag Policies
Preparing a Cloud Tag Policy File
Importing a Cloud Tag Policy
Navigate To Cloud Tag Policy
Configuring Exceptions for the Unified Security Policy
Unified Security Policy Alerts
Creating or Editing a Unified Security Policy Alert
Compliance Policies
Creating a Compliance Policy
Creating a Blacklist from a Matrix
Reporting
How Reports Work
Generating Report Results
Viewing a Generated Report Saved in the Reports Repository
SecureTrack Reports
New Revision Report
Advanced Change Report
Firewall Module Change Report
Rule Change Report
Object Change Report
Expired Rules Report
Rule and Object Usage Report
Creating a Rule and Object Usage Report
Importing Rule Usage from Check Point Devices
Policy Analysis Report
Best Practices Audit Report
Baseline Settings Compliance Report
Creating a Baseline Settings Compliance Report
Excluding Specified Settings from Compliance
Software Version Compliance Report
Creating a Software Version Compliance Report
Firewall OS Comparison Report
Creating a Firewall OS Comparison Report
Excluding Specified Settings from Comparison
Security Risk Report
Creating a Security Risk Report
Excluding Specified Rules from the Risk Report
Rule Documentation Report
Creating a Rule Documentation Report
Tufin Device Audit Report
Creating a Tufin Device Audit Report
Business Ownership Change Report
Creating a Business Ownership Change Report
Understanding the Business Ownership Change Report
Reports Configuration Settings
Setting Format and Logo for Reports
Configuring Report Export
Network Mapping
Topology
Topology Intelligence
Enabling Topology for Devices
Interactive Map
Investigating Traffic Paths
Diagnosing Broken Traffic Paths
Joining or Splitting Subnets
Joining Clouds
Refreshing the Map
Adding and Updating a Generic Device
Topology Generic Device: Sample File
Topology of a non-Cisco Generic Device: Sample File
Network Zones
Configuring the Zone List
Managing Zone Subnets
Managing the Users Networks Zone
Managing Zone Security Groups
Managing Zone Hierarchy
Exporting and Importing Zones
Security Zone Matrix CSV File
Configuring SecureTrack Settings
Setting Timing for Monitoring
Firewall OS Monitoring Settings
Change Windows
View and Update a Change Window
Change Window Creation Date and Recurrence
Change Window Duration
System Configuration
User Display Options
User Authentication
Managing SecureTrack Users
Configuring LDAP (Active Directory) Authentication
Configuring TACACS+ Authentication
Configuring RADIUS Authentication
Configuring SSO Authentication Service
Configuring User Identity
Configuring Notifications
Configuring Servers (SMTP and Syslog)
Policy Change, Administrative, Heartbeat, Audit Trail
SecureTrack SNMP Notifications
Identifying SecureTrack SNMP Messages
Tufin SNMP Policy Change and Periodic Change Messages
Linking to Ticketing Systems
Administrative Maintenance
Monitoring Server and Device Status
Database Maintenance
Licensing SecureTrack
SecureTrack License Types
Licenses
Adding Licenses in SecureTrack
Viewing License Status
Managing License Allocation
Diagnostics
SecureTrack Audit Trail
Revisions Status
Customizing the Disclaimer
Brute Force Protection
Tufin Appliance Network Configuration
Command Line Reference
Deprecated Commands
Topology Generic Device: Sample File
Topology of a non-Cisco Generic Device: Sample File
Worksheets
Check Point Device Information Worksheet
Cisco/TOP Device Information Worksheet
Juniper/Fortinet/Palo Alto Device Information Worksheet
Troubleshooting SecureTrack
Can't Log into SecureTrack
Can't Connect to SecureTrack Web UI
SecureTrack Displays a Blank Page
New Policy Revisions are not Shown
Wrong Policy Packages are Compared
Email Notifications are not Received
Database Disk Space is Low Alert
Connectivity Status Error Messages
Error Messages for Check Point devices
Error Messages for non-Check Point devices
Troubleshooting Network Connectivity
Troubleshooting OPSEC Connectivity
Retrieving SIC Certificates for Check Point devices <draft>
No Performance Data
Usage Report Error: Waiting for initial policy installation
Upgrade fails due to No Valid License
Collecting Support Information
Collecting Diagnostics Information
Collecting a Debug Log Session
Sending Files to Tufin Support
SecureChange User Guide
SecureChange Overview
SecureChange Capabilities
Tufin Orchestration Suite (TOS) - SecureChange
The SecureChange Solution
Working with SecureChange
SecureChange Features by Vendor
Amazon
Check Point
Cisco
Forcepoint SMC
Fortinet
Juniper
Palo Alto
VMware
The Change Request Lifecycle
How SecureChange Works
Supported Devices
Getting Started with SecureChange
SecureChange Basic
Logging into SecureChange and SecureApp
Connecting to SecureTrack
Connecting to a Mail Server
Adding Users
Basic Workflow Configuration
Creating Workflows
Creating and Managing Workflows
Create a New Workflow
Configuring Workflow Steps
Managing Workflow Steps
Configuring Step Properties
Auto step options
Automatic step actions
Configuring Step Fields
Field Types
Access Request Field
Modify Group Field
Rule Recertification Field
Rule Decommission Field
Server Decommission Field
Request Expiration Field
Configuring Assignment Mode
Configuring Dynamic Assignment
Configuring Dynamic Assignment Conditions
Configuring Dynamic Assignment Custom Script
Configuring Dynamic Assignment Custom Script for Server Decommission
Configuring Workflow Properties
Service-Level Agreement (SLA) Tracking
Submitting Requests
Keeping Track of Your Requests
Priority Icons for SecureChange
Status Icons
Opening a Request by Mail
Handling and Managing Tasks
Finding and Viewing Tickets
Searching for Tickets
Ticket View
Report Search Fields
Priority Icons for SecureChange
Assigning a Task
Handling a Task
Field Types
Managing Access Requests
Access Request Sections
Validating IP Addresses in an Access Request
Importing Access Request Values from Other Tickets
Access Request Search Syntax
Applying a Label to an Access Request
Defining a Traffic Connection for a Request
Tufin Predefined Services and Application Identities
List of Tufin Predefined Services
List of Tufin Predefined Application Identities
Access Request Values
Selecting Objects for Access Requests
Text Formats for Access Requests
View Original SecureApp Request
Security and Compliance Analysis
Provisioning Changes to a Policy
Select Security Groups
Vendor Requirements for Device Names
Security Zones
What is Provisioning and Commit Policy Changes
Verifying Access Requests
Managing Expired Tickets
Using the Network Object, Service and Target Fields
Using the Modify Group Field
Using the Rule Recertification Field
Using the Rule Decommission Field
Using the Server Decommission Field
Group Ticket Handling
Assigning Group Permissions
Handling Group Tasks
Viewing Group Requests
Sending Information Requests
Reassigning a Task
Rejecting a Ticket
Returning a Task to be Redone
Setting 'On Vacation' Status
Reporting
Ticket Query Reports
Configuring a Ticket Query Report
Report Search Fields
Running a Ticket Query
Exporting Query Results
Dashboard Graphical Reports
Configuring SecureChange Settings
Licensing SecureChange
Installing SecureChange Licenses
SecureChange Users and User Roles
Configuring User Roles
Adding Users to SecureChange
Working with Local Users
Adding Local Users and Groups
Managing Local Group Membership
Working with LDAP Users
Configuring the Organizational LDAP Settings
Importing LDAP Users and Groups
LDAP Synchronization
Configuring User Authentication
Configuring Radius Authentication
Configuring SSO Authentication
Stopping SecureChange Emails
Changing Your Password
Assigning Roles
Assigning Roles to Users
Assigning Users to Roles
Assigning Domains to Users
Viewing System Messages and Tasks
Managing Access Request Labels
Customizing SecureChange
Customizing the Logo, Background, and Disclaimer
Customizing Mail Notifications
Mail Notifications Variables
Customizing Access Requests
Customizing SecureChange Operations
SecureChange API
Using Scripts
Inbound Mailboxes
Adding an Inbound Mailbox
Opening a Request by Mail
Command Line Reference
Working with Free Task Search
Free Search Syntax Rules
Free Search Predefined Fields
Free Search Examples
SecureApp User Guide
Working with SecureApp
SecureApp Features by Vendor
Managing Application Connections with SecureApp
Example: Web Application
Setting up SecureApp
Installing TOS
SecureChange and SecureApp Licensing
Logging into SecureChange and SecureApp
Connecting to SecureTrack
Connecting to a Mail Server
Configuring SecureApp Settings
Adding Users
Basic Workflow Configuration
Assigning Roles to Users
Working with Applications and Connections
Enabling Multi-Domain in SecureApp
Managing Customers
Import Customers
Delete a Customer
Decommission a Customer
Navigate To Customers
Building the Application Inventory
Creating an Application or Application Pack
Decommissioning Applications
Managing Tags
Navigate to the Application Inventory
Managing Resources
Discovering Application Connections and Resources
Creating Resources Manually
Creating Servers
Creating Users
Creating Services
Self-Service Application Access
Defining Access to an Application
Requesting Access to an Application
Processing Self-Service Requests
Decommissioning Servers
Reviewing Impact of Decommissioning Servers
Importing and Exporting SecureApp Data
Managing Cloud Resources
Auto-Associate Cloud Resources
Manually Associate a Cloud Resource
Search Cloud Resources
Managing Connections
Defining New Connections
Adding Resources to Connections Manually
Defining Connections Between Domains
Adding Connections from the Connectivity Map
Checking Security Compliance
Repairing Connections
Using Groups in Connections
Replacing a Server with a Group
Changing a Connection by Editing Server Group Membership
Interconnecting Applications
Managing External Applications
Moving a Server
Building Interfaces to an Application
Building an Application Interface
Creating a Connection to Application
Migrating Connections to other Applications
Application Lifecycle Automation
Migrating an Application to a Different Environment
Remigrating an Application
Creating and Using Templates
Managing Customers
Managing Connections - Search Terms
Implementing Connections with SecureChange
Basic Workflow Configuration
Creating SecureChange Tickets
Repairing Connections
Handling Rejected Tickets
Integration with Puppet Labs
Tracking Changes to Applications
Monitoring Application Status
Finding Servers in Connections and Groups
View Connectivity Map
Application History
Visualizing Application Dependencies
SecureTrack Release Notes
Known Issues and Limitations
Known Issues in SecureTrack R18-3
Known Issues from Previous Releases
Platform Support
Installation and Upgrade
Accountability
Automatic Policy Generator (CLI)
Automatic Policy Generator (Web Interface)
Backup and Restore
Best Practices
Change Management
Compliance Policies
Dashboard
Database
Distributed Architecture
Firewall OS Monitoring
External Authentication
Licensing
Monitoring and Device Configuration
Multi-Domain
Notifications
Object Lookup
PCI-DSS Compliance
Policy Analysis and Business Ownership
Policy View
Reports (General)
Advanced Change Report
Baseline Settings Compliance Report
Business Ownership Report
Mailed Reports
Rule Change Report
PDF Reports
Security Risk Report
Software Version Compliance Report
Tufin Device Audit Report
Rule and Object Usage
Rule Documentation
System Settings
TOP
Topology
User Management
Web Interface
Zones
Resolved Issues and Updates
Issues Resolved in SecureTrack R18-3
Issues Resolved in SecureTrack R18-2
Issues Resolved in SecureTrack R18-1
Issues Resolved in SecureTrack R17-3
SecureChange Release Notes
Known Issues and Limitations
Known Issues in SecureChange R18-3
Known Issues from Previous Releases
Platform Support
Installation and Upgrade
Access Requests
Dashboard and Reports
Designer
General
Licensing
Modify Group
Multi-Domain
Policy Advisor
Rule Decommission Limitations
SecureChange API
System Settings
Target Suggestion
Tasks
User Management
Verification
Workflows
Resolved Issues and Updates
Issues Resolved in SecureChange R18-3
Issues Resolved in SecureChange R18-2
Issues Resolved in SecureChange R18-1
Issues Resolved in SecureChange R17-3
SecureApp Release Notes
Known Issues and Limitations
Known Issues in SecureApp
Known Issues from Previous Releases
Resolved Issues and Updates
Issues Resolved in SecureApp R18-3
Issues Resolved in SecureApp R18-2
Issues Resolved in SecureApp R18-1
Issues Resolved in SecureApp R17-3
Technical Notes
Security Essentials
TufinOS Hardening Guide
Security Improvements
TufinOS Prerequisites
Hide Process List From Users
Implementing Operating System Password Policies
TufinOS Services
New RPMs
Updated RPMs
Full Listing of RPMs
TufinOS CVE Security Bulletin
TufinOS 2.x CVE Security Fixes
CVEs Not Affecting TufinOS 2.x
TufinOS 1.x CVE Security Fixes
Non-TufinOS Hardening Guide
Non-TufinOS Prerequisites
Hide Process List From Users
Harden SSH
Implementing Operating System Password Policies
TOS Hardening Guide
Security Improvements
Brute Force Protection
SecureTrack Ports and Services
SecureChange Ports and Services
TOS CVE Security Bulletin
Upgrade Notes
Manual Changes to Configuration Files
Migrating from TufinOS 1.x to TufinOS 2.x
Migrating to TufinOS 2.x using Backup and Restore
Migrating to TufinOS 2.x in an HA Environment
Upgrading TufinOS 1.x to TufinOS 1.22
Upgrading from TufinOS 1.x to TufinOS 1.22 - Upgrade Path Table
Supported Tufin Appliances
View TOS Database Size
Upgrading PostgreSQL
Upgrading to PostgreSQL 9.4 on TufinOS 2.x
Upgrading to PostgreSQL 9.4 on RHEL/CentOS 6
Upgrading SSL Certificates to SHA-2
Upgrading TLS to TLSv1.2
Upgrading MongoDB
Security and Compliance
Implementing PCI DSS v3 Using USP
PCI-DSS v3 - Sample CSV
PCI-DSS v3 Risky Services - Sample CSV
Implement NERC CIP v5 Using USP
NERC CIP v5 Demo Matrix - sample CSV
NERC CIP v5 Risky Services - sample CSV
Implementing ISO 27001 Using USP
Implementing ISO 27001 Using USP - Zones CSV
Implementing ISO 27001 Using USP - Matrix CSV
Enforcing Best Practices Using USP
Enforcing Best Practices - Rule Properties Matrix
Enforcing Best Practices - Risky Services Matrix
Advanced Best Practices Using USP
Advanced Best Practices - Zones CSV
Advanced Best Practices - Critical CSV
Advanced Best Practices - High CSV
Advanced Best Practices - Medium CSV
Advanced Best Practices - Low CSV
Linux Automation
Automating a Remote Backup
Extending the Web HTTP Session Timeout
Configuring NTP on TufinOS, CentOS or Red Hat Linux
Changing the Time and Date
Changing the Time Zone
Changing the Database Time Zone
Adding Persistent Static Routes
Configuring Network and DNS Settings
Changing the OS root Password
Adding Missing Linux Packages
Redirect HTTP traffic to HTTPS
Advanced Tools and Configuration
Creating a USB key for installing TufinOS on an appliance
Installing TufinOS on an Appliance Using a USB Key
Generic Topology Extensions
Adding and Updating a Generic Device
Topology Generic Device: Sample File
Topology of a non-Cisco Generic Device: Sample File
Adding or Removing Generic NAT Information
Adding or Removing Generic Interfaces
Adding or Removing Generic Routes
Automatic Policy Generator (APG) CLI
APG CLI Overview
APG CLI Rule Consolidation
Configuring APG CLI
Running the APG CLI
SecureTrack Tools
Changing SecureTrack Authentication for Multiple Monitored Devices
Finding Change Report by Ticket ID
Lookup Objects by IP Address
Monitoring a Standby Check Point Management Server
Adding Multiple Devices for Monitoring
Access Regression Report
DNS Lookup for Objects
Policy Statistics for Security and NAT Rules
Compare Revisions from Different Check Point Devices
Get Details of Check Point Gateways
Rule Consolidation
Bulk Update Monitoring Settings for Devices Managed by Juniper NSM or Cisco CSM
Set ISG Cluster Hostnames
Adding Device Connections for Firewalls in Transparent Mode
Convert Palo Alto Cluster Standalone Devices To SecureTrack Palo Alto Cluster
Adding Generic VPN Connections
Removing Generic VPN Connections
Ignoring Check Point Revisions from Specific Admins
Performing Bulk Device Tasks
Bulk Device Migration
Bulk Device Deletion
SecureTrack Integration with SIM/SIEM Systems
Configuring Syslog for SIM/SIEM
Using an External Device for the Database Files
Monitoring a Check Point Management Server with Non-Standard LEA Authentication
Configuring a Specific Time for Device Polling
Configuring SecureTrack Rule-Base Language Support
Language ANSI numbers
Preventing the Non-Signed Security Certificate Warning
Renewing SecureTrack's Certificate
Configuring SecureTrack for Non-Default Syslogs
Customizing SSL
Importing SSL Certificates
Removing Passphrase from SSL Certificate
Customizing SSL or Virtual Host Configuration
Customizing SSL or Virtual Host Configuration - R17-3 HF2 or below
Generating an Open SSL Certificate Request
Obfuscating IP Addresses in Configuration Files
Configuring the Remote Management Module (RMM)
SSH to RADIUS Configuration
SUDO Setup and Configuration Instructions
Tufin Orchestration Suite MIB Definitions
Tufin Orchestration Suite SNMP Traps for OS Monitoring
SecureTrack Device Policy Archive
Creating Custom LDAP Vendors
LDAP Server Attributes
Configuring a new LDAP vendor for SecureTrack
Retrieve LDAP Vendor Configuration
Configure LDAP Vendor Attributes for SecureTrack
Delete LDAP Vendor for SecureTrack
Configuring a new LDAP vendor for SecureChange
Add LDAP Vendor to SecureChange
Configure LDAP Vendor Attributes for SecureChange
Delete LDAP Vendor for SecureChange
Configure LDAP Vendor Attributes for User Identity
Scripts for Statistical Analysis
Monitor Offline Cisco Routers using SNMP
Configuring Juniper SRX Logging
Configuring Risk Analysis when a resource is not in any USP Matrix
Out of Memory Exception in SecureApp
Installing VMware Tools
Installing VMware Tools on TufinOS (Recommended)
Installing VMware Tools on TufinOS (Customizable)
Reporting Pack
Getting Started
Creating a report
What information can I see in a report?
Viewing the list of generated reports
Viewing and saving report results
Viewing the list of saved or scheduled reports
Deleting a report
Configuring SMTP Server Settings and Endpoint Credentials
Upgrading the Reporting Pack
Reporting Pack Report List
Report Settings
Reporting Pack Installation Procedures
Tufin Professional Services (PS) Library Installation
Setting Service and User Credentials
Tufin Reporting Package Installation
Configuration Files
Logs
Reporting Pack FAQs
Cisco ACI
Introduction
Getting Started
Defining the Cisco ACI Administrator in SecureApp
Adding Cisco ACI as a Device in TOS
Viewing Cisco ACI Applications in SecureApp
Checking Compliance of Cisco ACI Applications in SecureApp
Preparing a Security Zone Matrix File
Sample Security Zone Matrix CSV File
Tufin Appliance Power Requirements
Identifying the SecureTrack Device ID
The TOS Developers Guide
Tufin Orchestration Suite (TOS) REST API
Getting Started with the TOS API
SecureTrack REST API Resources
Device and Revision Resources
supported vendors
supported models
virtual type
Bindings: Attaching Rules to Firewalls
Object IDs
Domains
REST API Overview
SecureChange and SecureApp REST API Resources
REST API Overview
API Best Practices
General
Performance
Response Time
SecureTrack APG CLI
APG CLI Overview
Consolidating Rules
Collecting Log Files
Getting Check Point Logs for Upload
Getting Log Files for Upload
Running APG CLI
Customizing APG CLI Results
Tufin Open Platform (TOP)
Introduction to TOP
TOP Plugin Architecture
Creating a TOP Plugin
Overview: High-Level Plugin Creation Procedure
Creating the top_manifest.xml File
Creating the Data Retrieval Executable
Creating the Readme File
Packaging the TOP Plugin
Testing the TOP Plugin
Validating the TOP Plugin
Installing a TOP Plugin
SecureChange API Scripts
Example: Send Mail on Close
Sample Script File
Sample XML Output
SecureChange Inbound Mail
Adding an Inbound Mailbox
Example: Opening a Request by Mail