Tuesday, February 5, 2013

TCSE with Dimension Data in Switzerland

The Dimension Data Security Training Center in Lausanne offers the Tufin Certified Security Expert course. The course runs for two days and covers both SecureTrack and SecureChange. The training is provided in English.

Feel free to sign in and/or ask any question.

Friday, February 1, 2013

SecureTrack tools: adding Check Point HA MGMT server

SecureTrack has a not-so-well-known set of tools for advanced operations.

For example, if one has a Check Point Management HA setup, it may not be clear how to monitor it correctly. Adding an HA pair of CMAs/SmartCenters is not covered in the User Guide. As most serious customers actually have redundant management systems, it is good to know how to do this.

There is an article about adding a secondary Check Point management server to SecureTrack in the Tufin Knowledge Center, but one has to be a registered user to access it.

In case you do not have access to the article, here is a short description of the process.

First, log in to your SecureTrack WebUI with an admin account. Then change the URL in the browser to https://<Your SecureTrack IP>/tools

You will see something like this:

Click on the 5th link to add your HA MGMT server. You will get the following menu:

Keep in mind that your primary server should already be monitored. Add the details of the HA pair and press "Submit".

You now have both primary and secondary CMAs/SmartCenters monitored.

Wednesday, January 30, 2013

SecureTrack topology map: dealing with separated sites

With multiple devices in SecureTrack and SecureChange, correct topology is essential for many different tasks: risk analysis, point to point connectivity checks, zone definitions, automatic target suggestions in SC, etc.

When you start building up the system, in most cases you have to fine-tune your topology map. For example, if you have several geographical locations interconnected through WAN or Internet, they will most probably appear on the map as separate, isolated networks. Each one of these networks would have one or even several "clouds" representing external uplinks.

To interconnect these multiple sites, one might want to set up a generic routing instance. Although this approach works, there is an easier one: you can simply use the cloud-joining approach.

Go to the Topology Map and open one of those external clouds. Go to the Join Cloud menu and choose the corresponding cloud from the other site. Save the change. Now you have your separated sites linked.

Sometimes there are multiple links between the sites, for example the main Internet link and a backup link. In this case one has to join clouds twice, once for the main link and once for the backup link.

Hello world

This is my professional blog about Tufin. Here I will be writing notes, solutions, tricks and other things related to Tufin products that I do not want to forget.

This approach works perfectly with the CCMA blog, and considering I am more and more involved with both installations and training, it is a good time to start.