tufin T-510 User manual
v.11 Copyright 2003-2018 Tufin Software Technologies Ltd. | T-510 Quick Start Guide
T-510 Quick Start Guide
Security Policy Orchestration
Security Policy Orchestration
Table of Contents
Chapter 1: Introduction 4
Welcome 4
Overview 4
Chapter 2: The T-510 Front and Rear Panels 5
Front Panel 5
Front Panel LEDs and buttons 6
Rear Panel 7
Chapter 3: Setting Up 8
Setting up the T-510 8
Advanced CLI Configuration 15
Chapter 4: Restoring Factory Defaults 16
Chapter 5: Additional Information 18
The Next Step 18
Support 18
About Tufin Technologies 18
Trademarks 18
4Copyright 2003-2018 Tufin Software Technologies Ltd. | T-510 Quick Start Guide
Chapter 1: Introduction
WELCOME
Congratulations on choosing the T-510 Appliance from Tufin Technologies, the
industry’s most comprehensive firewall operations management solution. Our
worldwide technical services team is available to you through the web, email, or
telephone. See http://www.tufin.com/support for your preferred mode of
communication. We look forward to supporting all of your current and future
firewall operations needs.
OVERVIEW
The Tufin T-510 appliance is designed to simplify integration and use of Tufin
Orchestration Suite (TOS) by providing a unified hardware and software
solution. The T-510 is preinstalled with TufinOS, a proprietary hardened Linux
operating system, and the Tufin Orchestration Suite, which includes these
software solutions: SecureTrack™, SecureChange™ and SecureApp™. By
default, all TOS products are enabled. You can modify these settings according
to your needs.
This document provides:
•Shipping container contents, and descriptions of the appliance panels
•A step by step guide to getting the appliance and software up and running
•Instructions for restoring factory defaults
To set up device monitoring by SecureTrack, to configure SecureChange, or for
more information, see the online help (in the product, click Help) or see the Tufin
Knowledge Center at: http://www.tufin.com/support/kc
Shipping Container Contents
ITEM
DESCRIPTION
Appliance
T-510 appliance
Cables
2 power cables
1 RJ-45 (CAT 5e) network cable
1 DB9 console cable
USB flash drive
USB flash drive for appliance recovery
Documentation
This Quick Start Guide
Other hardware
Rack mounting kit
Appliance front bezel
For assistance, please call 1-877-270-7711 or email: support@tufin.com 5
Chapter 2: The T-510 Front and Rear Panels
Figure 2-1 shows the front of the appliance with the bezel removed.
Figure 2-2 shows the front control switches and status LEDs.
Figure 2-3 shows the rear of the appliance.
FRONT PANEL
Figure 2-1: Front view of the T-510 appliance (bezel removed)
ITEM
DESCRIPTION
ITEM
DESCRIPTION
A
VGA port
E
Hard drive bay 1
B
2 USB 3.0 ports
F
Hard drive bay 2
C
Front panel LEDs and buttons
(expanded in figure 2-2)
G
Hard drive bay 3
D
Hard drive bay 0
Table 2-1: Front view of the T-510 appliance (bezel removed)
6Copyright 2003-2018 Tufin Software Technologies Ltd. | T-510 Quick Start Guide
FRONT PANEL LEDS AND BUTTONS
All control buttons and status LEDs are located on the front of the appliance:
Figure 2-2: Front LEDs and buttons
ITEM
FEATURE
DESCRIPTION
A
System ID button with
integrated LED (green)
When pressed, it toggles the ID LEDs on the front and back of the
appliance.
B
Halt button
When pressed, it puts the server in a halt state so that the memory can
be downloaded for diagnostics
C
Onboard LAN LED
(green)
Indicates NIC activity for each of the two onboard network interfaces.
NIC activity for the
D
System cold-reset button
When pressed, it reboots the appliance.
E
HDD activity/ fault LED
(green/red)
Indicates HDD activity when green, or an HDD fault when red. This is an
aggregated indication for all hard disk drives in the system. Each hard
disk contains its own activity and fault indicators.
F
System status
(green/red)
Indicates system status as follows:
•Steady green indicates system in standby or ready for operation.
•Blinking green indicates degraded operation (e.g., power supply
nonredundancy, part of system memory mapped out by BIOS).
•Blinking red indicates one or more non-critical fault conditions.
•Steady red indicates one or more critical fault conditions.
G
Power button with
integrated LED (green)
When pressed, it toggles the system power. When continuously lit,
indicates the presence of power supply output power in the appliance.
The LED turns off when the power supply is turned off or the power
source is disrupted.
Table 2-2: Front LEDs and buttons
For assistance, please call 1-877-270-7711 or email: support@tufin.com 7
REAR PANEL
Figure 2-3: Rear view of the T-510 appliance
ITEM
DESCRIPTION
ITEM
DESCRIPTION
A
Power supply 1
F
RJ45 management port
B
Power supply 2
G
3 USB 3.0 ports
C
Onboard LAN (eth0)
H
RJ45 management port
D
Onboard LAN (eth1)
I
External NIC (eth2)
E
Video connector
J
External NIC (eth3)
Table 2-3: Rear view of the T-510 appliance
8Copyright 2003-2018 Tufin Software Technologies Ltd. | T-510 Quick Start Guide
Chapter 3: Setting Up
SETTING UP THE T-510
Note: The appliance has a predefined IP address. Before racking the appliance,
make sure to change the IP address either in the first-time wizard (as described
in step 4 below), or via a console connection (see Advanced CLI
Configuration on page 15) in CLI. For CLI instructions see:
http://www.tufin.com/support/kc/latest/1584.htm
To set up the T-510:
Step 1: Connecting the Power Cable and Power On
1. Connect the power cable.
2. Boot up the appliance by pressing the Power button on the front panel.
Step 2: Connecting to the T-510
Connect a network cable to the eth0 (NIC1) port (Figure 2-3, item C), and to a
PC (with a crossover cable) or to a local network that is in the same subnet as
the eth0 port. If you haven't changed it, this is: 192.168.1.100/24
Step 3: Configuring Tufin Orchestration Suite
By default, SecureTrack and SecureChange/SecureApp are enabled. To
change these settings:
1. Open a command line via SSH to eth0's IP address (if you haven't changed it:
192.168.1.100).
2. Log in as: root, with password: system
3. Run the following command:
tos conf
and follow instructions.
If you have disabled SecureTrack and will not be using it on this appliance, skip
to Step 5.
Step 4: (SecureTrack only) Logging into SecureTrack, and Initial Configuration
1. To access SecureTrack with Microsoft Internet Explorer or Mozilla Firefox,
browse with https to eth0's IP address. If you have not changed the IP
address, browse to: https://192.168.1.100
2. Accept the certificate.
For assistance, please call 1-877-270-7711 or email: support@tufin.com 9
3. The login window appears. Log in as: admin, with password: admin, and
click Login:
4. The SecureTrack Setup Wizard will start at this point. The wizard includes the
following pages:
Login: For security reasons, change the admin password:
10 Copyright 2003-2018 Tufin Software Technologies Ltd. | T-510 Quick Start Guide
EULA: Accept the End User License Agreement:
Password: Type: system for the Old Password of the TufinOS root user, and
change the password:
12 Copyright 2003-2018 Tufin Software Technologies Ltd. | T-510 Quick Start Guide
User Details: The admin user’s details.
Username and password cannot be changed in this page.
Notifications: SMTP settings for SecureTrack email notifications:
14 Copyright 2003-2018 Tufin Software Technologies Ltd. | T-510 Quick Start Guide
Step 5: (SecureChange only) Logging into SecureChange
1. If SecureTrack is disabled, and you haven’t gone through the SecureTrack
Setup Wizard, use standard Linux commands in TufinOS to do the following:
•Configure interface settings according to your networking needs (eth0 may
still have the preconfigured IP address of 192.168.1.100). For instructions, go
to: http://www.tufin.com/support/kc/latest/1584.htm
•Change the root password. For instructions, go to:
http://www.tufin.com/support/kc/latest/1585.htm
•Set the time, time zone, and date. For instructions, go to:
http://www.tufin.com/support/kc/latest/1024.htm
•(Optional) Configure NTP. For instructions, go to:
http://www.tufin.com/support/kc/latest/1021.htm
2. To access the SecureChange Administration Console, browse to:
https://<host>/securechangeworkflow
where <host> is the IP address or resolvable name of the T-series appliance.
For assistance, please call 1-877-270-7711 or email: support@tufin.com 15
3. Log in as: admin, with password: admin
To further configure SecureChange, see the SecureChange User Guide, at:
http://www.tufin.com/support/kc/latest/sc_userguide.htm
For instructions on adding devices to be monitored, see the SecureTrack User’s
Guide, at:
http://www.tufin.com/support/kc/latest/st_userguide.htm
To add SecureTrack on this appliance to a distributed deployment, see the
SecureTrack User's Guide, at:
http://www.tufin.com/support/kc/latest/2456.htm
ADVANCED CLI CONFIGURATION
CLI access can be achieved by serial console connection or through SSH
access. To use a serial console connection, configure the terminal to match the
following appliance console port settings:
•57600 bits per second
•8 Data bits
•Parity: None
•Stop bit: 1
•Flow Control: None
16 Copyright 2003-2018 Tufin Software Technologies Ltd. | T-510 Quick Start Guide
Chapter 4: Restoring Factory Defaults
You can restore the factory defaults on the appliance by using the provided USB
flash drive.
Warning! Restoring factory defaults will delete all information on the
appliance including database records, backup files and logs.
1. Backup the Tufin Orchestration Suite databases (SecureTrack and
SecureChange) by running:
tos backup <backup_filename>
Save the backup file on external storage, because the output file will be
deleted from the appliance when you restore factory defaults.
2. Run:
st version
and:
scw version
Record the build numbers to refer to when you restore the backup files.
3. Remove all USB devices (except the keyboard).
4. Insert the USB flash drive into the USB port (Figure 2-1, item B), and reboot
the appliance by pressing the Power button or by typing reboot.
The appliance automatically boots from the USB Flash Drive.
Note: If the appliance does not boot automatically from the USB Flash Drive,
you may need to configure the BIOS boot option to do so.
5. Once the appliance is up, you are prompted to specify what console is used.
Enter kvm for KVM switch/monitor and keyboard, or serial for serial
console.
If there is no reply within 60 seconds, all installation messages are directed to
the serial console.
6. Before the installation program resets the system, you will be advised that all
data will be removed from the appliance. Select OK to restore factory
defaults.
TufinOS is installed, after which you are prompted to reboot the appliance.
Make sure to first remove the USB flash drive, or the appliance will boot from
it again. The appliance reboots with factory default settings.
7. Download the latest Tufin Orchestration Suite package from the Tufin Support
site (www.tufin.com/support) and copy it to your appliance.
For assistance, please call 1-877-270-7711 or email: support@tufin.com 17
8. Log onto the appliance command line as: root, with password: system
The TOS installation package can be found where you downloaded the
package or under the /root directory of the appliance (default), in the
following filename format:
tos-<TOS_version#>-<TOS_build#>-<ST_build#>-<SCW_build#>-release.run
For example: tos-RXX-X-XXXXX-XXXXX-XXXXX-release.run
Install Tufin Orchestration Suite by running:
sh <filename>
For example: sh tos-RXX-X-XXXXX-XXXXX-XXXXX-release.run
9. (Optional) To restore the databases from the backup file, run:
tos restore --st –-scw --sa <backup_filename>
Note: To restore the backup file you must have the same TOS build running
on the appliance as during backup. If you do not have the correct TOS build,
contact Tufin support.
10. If you are going to be working with the freshly installed databases (that
is, you did not restore databases from a backup file), follow the instructions in
Chapter 3: Setting Up on page 7, from Step 2 onwards.
18 Copyright 2003-2018 Tufin Software Technologies Ltd. | T-510 Quick Start Guide
Chapter 5: Additional Information
THE NEXT STEP
You now have the basics you need in order to get started. The next step is to
gain more in depth knowledge of your Tufin software.
You can find complete Tufin documentation at:
http://www.tufin.com/support/kc
SUPPORT
You can login to our support portal to get more technical infromation or to open
a support request at:
http://www.tufin.com/support/overview.php
If you need immediate assistance, please call: 1-877-270-7711, or email:
ABOUT TUFIN TECHNOLOGIES
Tufin™ is the leading provider of Security Lifecycle Management solutions that
enable companies to cost-effectively manage their network security policy,
comply with regulatory standards, and minimize IT risk. Tufin's award-winning
products SecureTrack™, SecureChange™ and SecureApp™ help security
operations teams to manage change and perform reliable audits while
dramatically reducing manual, repetitive tasks through automation. Founded in
2005 by leading firewall and business systems experts, Tufin serves hundreds
of customers in industries from telecom and financial services to energy,
transportation and pharmaceuticals. Tufin partners with leading vendors
including Check Point, Cisco, Juniper Networks, Palo Alto Networks, Fortinet,
F5, Blue Coat, McAfee and BMC Software, and is committed to setting the gold
standard for technological innovation and dedicated customer service.
For more information visit www.tufin.com, or follow Tufin on:
•Twitter: http://twitter.com/TufinTech
•Facebook: http://www.facebook.com/Tufintech
•LinkedIn: http://www.linkedin.com/companies/tufin-technologies
•YouTube: http://www.youtube.com/user/Tufintech
•The Tufin Blog: http://www.tufin.com/blog
TRADEMARKS
Tufin, SecureTrack, SecureChange, SecureApp and the Tufin logo are trademarks of Tufin Software
Technologies Ltd. All other product names mentioned herein are trademarks or registered
trademarks of their respective owners.
v.11 Copyright 2003-2018 Tufin Software Technologies Ltd. | T-510 Quick Start Guide
T-510 Quick Start Guide
Security Policy Orchestration
Security Policy Orchestration
Table of contents
