Installing and Upgrading VMA

Overview

This procedure describes how to install or upgrade TOS application extensions.

Upgrades

To upgrade an existing extension, download and install the latest version. You do not need to uninstall the existing version.

Upgrades to Vulnerability Mitigation App (VMA) provide newly-supported features, bug fixes, and integrate changes from TOS.

  • Backward Compatibility: This extension is tested for backwards compatibility with the current and two previous versions of TOS.

  • Support and Bug Fixes:

    • Tufin provides customer support for the most recent version of this extension.

    • If there are issues related to TOS as well, support is provided if you are on the current version, or one of the previous two versions of TOS.

    • Bugs fixes are applied only to the latest version of this extension.

To check your current version, click > About.

Before Installation

  • Confirm that you have either a Google Chrome or Mozilla Firefox internet browser.

  • Extensions applications may require additional hardware and resources, depending on utilization. Consider expanding your resources if heavy use of the application is intended.

  • If you are not using TufinOS, we recommend that you open a support ticket for a walkthrough before installing an Extension application for the first time.

  • In SecureTrack:
    • Create a user with Security Administrator level permissions. Log into SecureTrack with that user.
    • Configure the relevant network zones.
  • In SecureChange:
    • Create a user with the permission: Create and handle tickets on behalf of another user (via API only). Log into SecureChange with that user.
    • Create a server decommission workflow to be used when asset mitigation is needed.
  • Access credentials that can make API calls to one of the following supported vulnerability management solutions:
    • Rapid7 Nexpose
    • Rapid7 InsightVM
    • QualysGuard
    • Qualys VMDR
    • Nessus Professional
    • Tenable.io
    • Tenable.sc

Install/Upgrade VMA

You can download all installation files from the Customer Portal Download Center, either locally or to a relevant server.

  1. From the Download Center, select the Extension to download.

  2. After downloading the file, log in to the primary data node using SSH.

  3. Create a directory called /opt/extensions, and do the following:

    1. Copy and paste the downloaded installer run file to the directory.

    2. Run the command:

      # sh reportpack-v<VERSION>.k3s.run

VMA is installed on the TOS cluster.

A license is required if you have a legacy (non-tiered) TOS license - see Installing a License.

Troubleshooting Installation

Error Message

Next Steps
Error: TOS isn't running

Potential cause: You are not using TufinOS, and the issue may be related to operating system user permissions.

Solution:  Contact Tufin Support for instructions.