www.tufin.club

Tufin SecureTrack offers some possibilities if a device can't be monitored directly. One of them is to define a Generic Device. Just a short explanation of this kind device and how to configure it.

Generic Device

This kind of device is defined for SecureTrack Topology only. No Monitoring, no security configuration and no logs are imported into SecureTrack. Such a device is necessary if a non monitored device is needed to correct / enhance the Network Topolgy SecureTrack is working with. As you know, that's the base for enhanced features of SecureChange and SecureApp. So it's important to let the Topology of SecureTrack show the reality regarding Networks and Routing.

Since no data is used for reports, analysis of rule bases etc. no license for such a device is necessary.

Why and how to define it? Let's assume you have a topology which isn't according with the reality. Mostly the reason is a missing device, connecting two or more networks. The topology shows like e.g.

So defining a Generic Device might help to improve the topology to show the reality.

Just create a plain ASCII file with all relevant data. Referring to the User Guide might be useful...  ;)
If you want to define a Generic Device to connect the device "firstvs" managed by "SMC-Rio" with the net 198.18.50.0/24 the plain ASCII file might look like this example:

Name, Ip, Mask, Vrf
interface1, 192.168.50.254, 255.255.255.0
interface2, 172.16.41.254, 255.255.255.0

Destination, Mask, Interface, Next-Hop, Vrf
0.0.0.0, 0.0.0.0, interface1, 198.18.50.1

Now it's time to import the file to SecureTrack. This is done in the menu option "Network > Topology > Add Generic Device".

The next step is to save the file and to wait for a moment. SecureTrack is calculating the new Topology. After finishing it, the Generic Device is shown in the SecureTrack Topology. For sure, this change will also be known in SecureChange.

So from now on, this device is known in Tufin SecureTrack Topology and also considered by the other components of the Tufin Orchestration Suite.
If there is a "big Core Device" by Cisco, no definition of all Interfaces and routes is necessary. Just an import of exported configuration data does the job. Redirect the output of

# show ip route
# show ip interface

to a file and import it as shown above. We have proved this also for very big configuration files - and it works if it's a Cisco device...  

 

Welcome to blog.tufin.club

We are glad that you found this blog about solutions by Tufin Technologies. Their product is the Tufin Orchestration Suite which consists currently of the parts SecureTrack, SecureChange, and SecureApp.

This blog is operated by AERAsec Network Services and Security GmbH in Hohenbrunn/Germany. AERAsec is Gold Partner of Tufin and also selling all Tufin Solutions. Besides sales,  AERAsec also delivers support for all Tufin Solutions even if direct support is provided by Tufin Technologies. Esp. german speaking customers often like first and second level support in German.

The main author of this blog is Matthias Leu. He started with Tufin products in 2006 and is the only german speaking "official" TCSE Trainer.
Please feel free to contact AERAsec by E-Mail via info at aerasec.de