tufin T-800 - User Manual

The Tufin T-800/1200 appliance is a dedicated hardware solution designed for network security policy orchestration, supporting both Tufin Orchestration Suite (TOS) Aurora and TOS Classic. It offers a robust, quick installation, aiming to lower the total cost of ownership for IT organizations. The appliance is built for scalability, allowing multiple units to be connected on-demand across various sites to meet diverse network needs. Equipped with enterprise-grade memory and SSD drives, it delivers powerful and flexible performance suitable for mid-size to large enterprises.

Function Description:

The T-800/1200 appliance serves as the foundation for Tufin Orchestration Suite, which provides comprehensive security policy management. It enables organizations to automate security policy changes, ensure continuous compliance, and gain visibility across complex, hybrid environments. The appliance can be configured to run either TOS Aurora, the latest version of Tufin's orchestration suite, or TOS Classic, with support for the latter ending on December 31, 2022. Key functionalities include:

• Security Policy Orchestration: Automating the design, provisioning, and auditing of network security policies across firewalls, routers, and cloud platforms.
• Network Connectivity: Providing multiple high-speed Ethernet ports for seamless integration into existing network infrastructures.
• Remote Management: Featuring a Remote Management Module (RMM) or IPMI port for "lights-out management," allowing administrators to configure and monitor the appliance remotely without physical access. This includes upgrading TufinOS or TOS.
• Scalability: Designed for distributed deployment architecture, enabling the connection of multiple appliances to scale resources as network requirements grow.
• Data Storage: Utilizing SSD drives for efficient and reliable data storage, crucial for policy databases, logs, and system configurations.

Important Technical Specifications:

The T-800/1200 appliance features a well-defined set of components and interfaces:

Front Panel:

• Information LED (A): Indicates system status.
  • Continuously on red: Overheat condition (possibly due to cable congestion).
  • Blinking red (1Hz): Fan failure.
  • Blinking red (0.25Hz): Power failure.
  • Solid blue: UID activated locally.
  • Blinking blue: UID activated via IPMI.
• NIC LED (B, C): Flashes to indicate network activity on LAN1 and LAN2 respectively.
• HDD LED (D): Flashes to indicate hard drive activity.
• Power LED (E): Illuminates when power is supplied and the system is operating normally.
• UID button/LED (F): Toggles the blue light function of the Information LED and a blue LED on the rear chassis, aiding in server location within racks.
• Power button (G): Main power switch to apply or remove primary power, while maintaining standby power.
• USB ports (H): Used for upgrading BIOS information.

Rear Panel:

• Power supply 1 (A) & 2 (B): Redundant power supplies for enhanced reliability.
• LAN 10GB ethernet port 1 (C): Recommended for all network connections when using Tufin Orchestration Suite Aurora.
• LAN 10GB ethernet port 2 (D), 3 (E), 4 (F): Additional high-speed Ethernet ports.
• 2 USB 3.0 ports (G): For connecting USB devices.
• IPMI LAN (H): Dedicated IPMI management interface for remote "lights-out management."
• Serial port (I): Standard serial port for console access and system redirection.
• VGA port (J): For connecting a display.
• 1 PCI-E 3.0 low profile slot (K): Expansion slot.
• 2 PCI-E 3.0, full height, full length slots (L): Additional expansion slots.

Usage Features:

• Pre-installed TufinOS: The appliance comes with TufinOS pre-installed, simplifying initial setup.
• Quick Start Guide: Comprehensive documentation for step-by-step setup, including connecting to the network, configuring the Remote Management Module (RMM), and installing/configuring TOS Aurora or Classic.
• Network Configuration: Predefined IP address (192.168.1.100/24) for initial setup, requiring users to change it before connecting to their main network.
• Console Access: Supports console access via a DB9 console cable with specific settings (57600 bps, 8 data bits, no parity, 1 stop bit, no flow control).
• Remote Management Module (RMM): Allows for remote administration tasks, including TufinOS or TOS upgrades, without physical access. RMM can be configured via BIOS, SSH, or console. It requires specific ports to be open (HTTP 80, HTTPS 443, IPMI Virtual Media 623, Remote Console 5900/5901, SSH 22, WS-MAN 5985).
• TOS Aurora/Classic Installation: Detailed instructions for installing and configuring the chosen Tufin Orchestration Suite version, including network requirements (dedicated 24-bit CIDR subnet, virtual IP (VIP), physical network IP), command-line installation steps, and web interface configuration.
• SecureTrack and SecureChange Configuration: Guides for setting up administrative users, changing default passwords, configuring network settings (DNS, NTP), and integrating with mail servers or LDAP directories.
• User Management: Ability to create and modify RMM users with specific privileges.
• End User License Agreement (EULA): Requires acceptance during TOS installation.

Maintenance Features:

• Factory Defaults Restoration: The appliance can be restored to factory defaults using a provided USB flash drive. This process deletes all information, including database records, backup files, and logs.
• Backup and Restore: Users are advised to back up Tufin Orchestration Suite databases (SecureTrack and SecureChange) to external storage before restoring factory defaults. Instructions are provided for both Aurora and Classic versions.
• TufinOS and TOS Upgrades: The appliance supports upgrading TufinOS and TOS Aurora/Classic to newer versions. RMM is recommended for TufinOS upgrades. Release notes and compatibility information are available in the Tufin Release Notes Knowledge Center.
• Monitoring and Troubleshooting: Information LEDs provide visual cues for system health, fan status, power status, and hard drive activity, aiding in quick diagnosis of issues.
• Technical Support: Access to worldwide technical services via web, email, or telephone, with a dedicated support portal and phone number for immediate assistance.
• Documentation: This Quick Start Guide, along with other Tufin documentation (e.g., Intel® Remote Management Module 4 (Intel® RMM4) User Guide), provides comprehensive information for setup, configuration, and maintenance.