It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

TUFIN Integration API Service

  • Last updated on

Tufin SecureTrack is a firewall management solution that enables security, compliance, and connectivity visualization of enterprise IT across multi-vendor firewall environments and cloud platforms. SecureTrack provides insights into network connectivity and security policy changes, and can also alert for potential new security risks.

As of firmware release 8.2, the CloudGen Firewall supports integration with Tufin SecureTrack.

How the CloudGen Firewall Integrates with Tufin

SecureTrack provides multiple dashboards for displaying a range of network connectivity data for a variety of firewalls. Because SecureTrack supports multi-vendor firewall environments, both CloudGen Firewalls and Control Centers are covered.

To connect to SecureTrack, Tufin provides a software package that must be installed on the CloudGen Firewall and/or Control Center before these appliances can transmit data. The service for Tufin integration must then be enabled on the CGF/CC and all relevant parameters must be set.

Based on the settings, network connectivity data can then be synchronized to SecureTrack.

Before You Begin

  • Ensure that you have licensed your Tufin SecureTrack. Once you have done so, Tufin will provide access for downloading the required installation package for the CloudGen Firewall.
  • Ensure that you are familiar with all relevant aspects of running your Tufin product. For more information, see www.tufin.com.
  • Ensure you have downloaded the most recent API installation package for your firewall from Tufin.

Setup and Configuration of Tufin Integration

Step 1. Get All Relevant Certificates from Tufin
  1. In your web browser, go to https://portal.tufin.com/aspx/TechnicalDocument .
  2. Locate and follow the instructions for obtaining all relevant certificates.
Step 2. Install the Software Package from Tufin

Tufin provides a software package that must be installed on the corresponding CloudGen Firewall / Control Center. This package is the API that is used by the CGF/CC for synchronizing connectivity data with Tufin SecureTrack. After downloading the software package, you must install the package manually on your corresponding firewall.

  1. Log into the firewall / Control Center on box level.
  2. Go to SSH and log in as user "root".
  3. On the command line, enter cd /root/.
  4. Ensure that the installation package file is present and enter ls -la topm*
  5. If the file is there, enter tar -xvzf topm-0.3.11.tar.gz  to unzip/decompress the file.
  6. To change to the unzipped directory, enter cd topm-0.3.11
  7. To start the installation procedure, enter python3 setup.py install and wait until the installation is finished. This will be indicated with a new prompt line.
  8. After the installation is finished, log out from the command line by pressing CTRL-D.
Step 3. Configure the TUFIN Integration Service API
  1. Log into the firewall / Control Center on box level.
  2. Go to CONFIGURATION > Configuration Tree > Box and expand the node Infrastructure Service.
  3. Double-click TUFIN Integration API Service.
  4. Click Lock.
  5. In the display area Tufin Integration, configure the following parameters:
    • Enable Tufin Integration – Select the check box.
    • Tufin System Host – Enter the IP address of the SecureTrack Tufin host.
    • Tufin System Port – Enter 9099 for the port number.
    • Tufin Client Certificate – Select explicit from the list.
    • Tufin Client Private Key – Import the client private key provided by Tufin.
    • Explicit Tufin Client Certificate – Import the client certificate provided by Tufin.
    • Tufin Server Certificate – Import the server certificate provided by Tufin.
  6. Click Send Changes / Activate.

tufin_integration.png

According to the default settings, the CloudGen Firewall / Control Center will now send a report every 12 hours to the Tufin server.

Step 4. (optional) Modify the Reporting Period
  1. Log into the firewall / Control Center on box level.
  2. Go to CONFIGURATION > Configuration Tree > Box and expand the node Infrastructure Service.
  3. Double-click TUFIN Integration API Service.
  4. In the left menu area, click Switch to Advanced.
  5. The Tufin Integration section now displays edit fields associated with the advanced configuration mode.
  6. The reporting period is set to 12 hours by default.
  7. Click Lock.
  8. For Tufin Report period [hour], enter the new period for sending reports to Tufin.
  9. Optional: If you want to change the period when to start with reporting after registration, enter the required value for Tufin Init period [min.].
  10. Click Send Changes / Activate.

tufin_integration_advanced_view.png

 

Last updated on