What is Policy Analysis?

Since a long time SecureTrack offers Policy Analysis to check the way a packet takes through the topology. Besides the corresponding firewalls and routers, it's also shown if the packet is allowed to pass or not. Queries can be saved and run later. So it's possible to have many queries configured and to run them when needed, e.g. when a change in the Topology has taken place. As shown below, queries as well as results are quite easy to understand.


Policy Analysis in TOS 19-1 - upgrade

When upgrading to TOS 19-1 the Policy Analysis is still there and can be used. Additionally, the "Interactive Map" allows now to save queries.

 Policy Analysis in TOS 19-1 - new installation

When TOS 19-1 is not upgraded but newly installed, Policy Analysis can't be found in the menu any more. This points out, that Tufin is going to remove the Policy Analysis and to move the functionality to the "Interactive Map". If Policy Analysis is needed in a new installation of 19-1 it can be activated via stconf:

  • Using the WebUI
    Log in to SecureTrack and open https://<IP_of_ST>/stcgitest.htm
    Here you find the section Configuration > Edit StConf > Fetch Current Conf

    When clicking the button, the configuration is shown. Browse down to the line that refers <show_legacy_pa>
    Change <show_legacy_pa>0</show_legacy_pa> to <show_legacy_pa>1</show_legacy_pa>
    and don't forget to press the button "Submit New Conf"
    When you log in again, the menu shows Policy Analysis as wanted.

Even if you can use Policy Analysis in 19-1, please be aware that this feature will probably removed in one of the next versions.
Currently there is no way known, how to migrate queries of Policy Analysis to queries of Interactive Map.
If you know a way, please send me a note - thanks.