The Tufin Orchestration Suite (TOS) Aurora is no longer a "simple installation based on Linux" but a Kubernetes cluster. Some network requirements regarding IP addresses therefore need to be considered. Before upgrading to or installing TOS Aurora, the following IP addresses need to be reserved:

  • A dedicated IP address for each physical server (central server, worker node)
    This address is also used to access the CLI of each system
  • A VIP that is used for accessing the WebUI of SecureTrack/SecureChange/SecureApp
  • If Syslog messages are going to be received, an additional VIP is also necessary

All of these IP addresses need to be on the same network (or the system needs more than one active interface).

Besides this, additional networks need to be reserved for TOS Aurora.

  • A 16-bit CIDR network dedicated to the Kubernetes pods network. The default is 10.244.0.0/16.
    If another network is needed, please contact Tufin Support.
  • A 24-bit CIDR network dedicated to TOS Aurora for the Kubernetes service network. This must not overlap with the first network.

These networks need to be taken from the private address ranges described in RFC 1918 (i.e. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).
They must not overlap with the addresses of the networks listed above. Additionally, they must not overlap with any subnets communicating with TOS Aurora or its nodes.
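The rules above can be checked against a planned address layout before installation. The following is an added example, not Tufin code: the function name `check_plan`, its parameters and all sample addresses are constructed for illustration. It assumes a single-interface setup where node addresses and VIPs share one network, and it reads the RFC 1918 requirement as "inside the private ranges", which matches the 10.244.0.0/16 default.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_plan(node_net, node_ips, vips, pod_net, service_net, peer_subnets):
    """Return a list of rule violations for a planned address layout."""
    problems = []
    nodes = ipaddress.ip_network(node_net)
    reserved = {"pod": ipaddress.ip_network(pod_net),
                "service": ipaddress.ip_network(service_net)}

    # Prefix lengths: /16 for the pod network, /24 for the service network.
    for name, want in (("pod", 16), ("service", 24)):
        if reserved[name].prefixlen != want:
            problems.append(f"{name} network {reserved[name]} is not a /{want}")

    # Both reserved networks must be private address space.
    for name, net in reserved.items():
        if not any(net.subnet_of(r) for r in RFC1918):
            problems.append(f"{name} network {net} is not within RFC 1918")

    if reserved["pod"].overlaps(reserved["service"]):
        problems.append("pod and service networks overlap")

    # Node addresses and VIPs share one network and stay out of the reserved ones.
    for addr in list(node_ips) + list(vips):
        ip = ipaddress.ip_address(addr)
        if ip not in nodes:
            problems.append(f"{ip} is not in node network {nodes}")
        for name, net in reserved.items():
            if ip in net:
                problems.append(f"{ip} lies inside the {name} network {net}")

    # Subnets that talk to TOS Aurora (including the node network itself)
    # must not collide with the reserved networks.
    for peer in [node_net] + list(peer_subnets):
        p = ipaddress.ip_network(peer)
        for name, net in reserved.items():
            if p.overlaps(net):
                problems.append(f"{p} overlaps the {name} network {net}")
    return problems

# Constructed sample plan (all addresses are illustrative).
if __name__ == "__main__":
    for line in check_plan("192.168.10.0/24", ["192.168.10.11", "192.168.10.12"],
                           ["192.168.10.20", "192.168.10.21"],
                           "10.244.0.0/16", "10.244.7.0/24", ["10.0.0.0/8"]):
        print("FAIL:", line)
```

An empty result means the plan satisfies every rule listed above; the sample plan fails because its service network sits inside the pod network and a communicating subnet covers both.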

Further details can be found in the Knowledge Center run by Tufin.