The Tufin Orchestration Suite (TOS) Aurora is no more a "simple installation based on Linux", but a Kubernetes Cluster. Therefore some network requirements regarding IP addresses need to be considered. Before upgrading to or installing TOS Aurora, some IP addresses need to be reserved. These are:

  • A dedicated IP address for each physical server (central server, worker node)
    This address is also used to access the CLI of each system
  • A VIP that is used for accessing the WebUI of SecureTrack/SecureChange/SecureApp
  • If Syslog messages are going to be received, an additional VIP is necessary also

All of these IP addresses need to be on the same network (or the system needs more than one active interface).

Besides this, additional networks need to be reserved for TOS Aurora.

  • A 16-bit CIDR network dedicated to the Kubernetes pods network. It's by default 10.244.0.0/16
    If another network is needed, please contact Tufin Support.
  • A 24-bit CIDR network dedicated to TOS Aurora for the Kubernetes service network. This must not overlap with the first network.

These networks need to be out of the range described in RFC 1918 (i.e. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).
They must not overlap with the addresses of the networks listed above. Additionally, it's required that they don't overlap with any subnets communicating with TOS Aurora or its nodes. 

Further details can be found in the Knowledge Center run by Tufin.

 

 

 

TOS Classic has reached its last version, R21-3. This platform is supported by Hotfixes until the End of 2022. If needed, extended support is available. In this case, you need to contact your Reseller and/or your local Tufin Sales Representative. 

TOS Aurora is the only platform for which improvements are developed. Therefore also some changes regarding devices and reports are announced or implemented. Most cases have a successor in TOS Aurora. The changes are in supported devices and reports.

 

Reports

Tufin SecureTrack still includes some Standard Reports e.g. "Rule and Object usage". Besides this, the free app SecureTrack Reporting Essentials is available in the Tufin Marketplace. Some of the reports are going to be removed or replaced.

  • Policy Analysis Report
    Based on Policy Analysis Queries regular Reports can be triggered. The queries are carried out at the configured times, leading to a Policy Analysis Report.
    No more available in new installations: R21-3
    Removed from all installations: R22-2
    Substitute / Follow up: Rule Viewer

  • Security Risk Report
    Risks, as defined in NIST 800-53, can be configured in SecureTrack. Reports can be generated per device showing potential risks.
    No more available in new installations: R21-3
    Removed from all installations: R22-2
    Substitute / Follow up: USP, Reporting Essentials

  • Risk Charts
    Risks, as defined in NIST 800-53, can be configured in SecureTrack. The result of such a Risk Analysis is shown as Risk Charts overall or per Device.
    No more available in new installations: R21-3
    Removed from all installations: R22-2
    Substitute / Follow up: Widget in USP Viewer

  • Compliance Policies
    For a very long time, own compliance policies could be defined and the configuration monitored accordingly.
    No more available in new installations: R21-3
    Removed from all installations: R22-2
    Substitute / Follow up: USP, USP Alerts Manager, USP Exceptions

  • Regulations Audit Browser
    Regulations are defined in SecureTrack, e.g. PCI DSS or SOX. The monitored configuration is shown using the Regulations Audit Browser - also showing fulfillment of the regulations or details about violations.
    No more available in new installations: R21-3
    Removed from all installations: R22-2
    Substitute / Follow up: USP, Reporting Essentials

  • Rule Documentation Report
    Reports about Rule Metadata can be achieved using this kind of report. These reports per device are about e.g. expired rules, their business owner, or ticket ID.
    No more available in new installations: R21-3
    Removed from all installations: R22-2
    Substitute / Follow up: USP, Rule Viewer

  • Security Risk Report
    Risks, as defined in NIST 800-53, can be configured in SecureTrack. Reports can be generated per device showing potential risks.
    No more available in new installations: R21-3
    Removed from all installations: R22-2
    Substitute / Follow up: USP, Reporting Essentials

  • Expired rules Report
    Many vendors offer a time limit for rules. After the given date the corresponding rule is disabled automatically. Reports point out expired rules or rules that will expire within a configurable time frame.
    No more available in new installations: R22-1
    Removed from all installations: R22-2
    Substitute / Follow up: Rule Viewer

 

Devices and features

Support of some devices and features are going to be removed in TOS Aurora. It affects e.g.

  • Check Point Firewall OS Monitoring
    No new configuration in R22-1 and above, but available for installations using this feature (no more in the price list)
  • Fortinet FortiManager in Basic Mode
    No more new devices starting with R19-3, no revisions in R22-1 and above
  • Palo Alto Networks Panorama in Basic Mode
    No more new devices starting with R19-3, no revisions in R22-1 and above
  • Palo Alto Panorama Version 8 and earlier
    No longer supported in R22-1 and above

 

 

 

As you know, TOS Aurora is public and will result in the only supported version. TOS Classic will retire end of 2022.

Before upgrading from TOS Classic to TOS Aurora, the requirements need to be considered. If you are using a Tufin Appliance, please consult Tufin about its compatibility.

If you want to install TOS Aurora on other hardware, please refer to Tufin and consider the requirements.
Not only the size of the hard disk is important, but also the speed of it. Do not try to install TOS Aurora on classic hard disks...

  • (fast) SSD array
  • 7.500 IOPS or more
  • 250 MB/s throughput or more

So besides the requirements for processors/cores, RAM, and disk size, the speed of the hard disk is very important.