Security Policy Orchestration

T-1100/1100XL Quick Start Guide

www.tufin.com
 Table of Contents

Chapter 1:Introduction 4
Welcome 4
Overview 4

Chapter 2:The T-1100 Front and Rear Panels 5

Front Panel 5
Front Panel LEDs and buttons 6
Rear Panel 7

Chapter 3:Setting Up 8
Setting up the T-1100 8
Advanced CLI Configuration 15

Chapter 4:Restoring Factory Defaults 16

The Next Step 18

Support 18

Tufin at a Glance 18

Trademarks 18

For assistance, please call 1-877-270-7711 or email: support@tufin.com 3

 Chapter 1: Introduction

WELCOME
Congratulations on choosing the T-1100 Appliance from Tufin Technologies, the
industry’s most comprehensive firewall operations management solution. Our
worldwide technical services team is available to you through the web, email, or
telephone. See http://www.tufin.com/support for your preferred mode of
communication. We look forward to supporting all of your current and future
firewall operations needs.

OVERVIEW
Information in this guide applies to both the T-1100 and the T-1100XL.
The Tufin T-1100 appliance is designed to simplify integration and use of Tufin
Orchestration Suite (TOS) by providing a unified hardware and software
solution. The T-1100 is preinstalled with TufinOS, a proprietary hardened Linux
operating system, and the Tufin Orchestration Suite, which includes these
software solutions: SecureTrack™, SecureChange™ and SecureApp™. By
default, all TOS products are enabled. You can modify these settings according
to your needs.
This document provides:
• Shipping container contents, and descriptions of the appliance panels
• A step by step guide to getting the appliance and software up and running
• Instructions for restoring factory defaults
To set up device monitoring by SecureTrack, to configure SecureChange, or for
more information, see the online help (in the product, click Help) or see the Tufin
Knowledge Center at: https://forum.tufin.com/support/kc
Shipping Container Contents
ITEM DESCRIPTION

Appliance T-1100/1100XL appliance

Cables 2 power cables

1 RJ-45 (CAT 5e) network cable
1 DB9 console cable

USB flash drive USB flash drive for appliance recovery

Documentation This Quick Start Guide

Other hardware Rack mounting kit

Appliance front bezel

4 Copyright 2003-2018 Tufin Software Technologies Ltd. | T-1100 Quick Start Guide
 Chapter 2: The T-1100 Front and Rear Panels
Figure 2-1 shows the front of the appliance with the bezel removed.
Figure 2-2 shows the front control switches and status LEDs.
Figure 2-3 shows the rear of the appliance.

FRONT PANEL

Figure 2-1: Front view of the T-1100 appliance (bezel removed)

ITEM DESCRIPTION ITEM DESCRIPTION

A VGA port G Hard drive bay 3

B 2 USB 3.0 ports H Hard drive bay 4

C Front panel LEDs and buttons I Hard drive bay 5

(expanded in figure 2-2)

D Hard drive bay 0 J Hard drive bay 6

E Hard drive bay 1 K Hard drive bay 7

F Hard drive bay 2

Table 2-1: Front view of the T-1100 appliance (bezel removed)

For assistance, please call 1-877-270-7711 or email: support@tufin.com 5

 FRONT PANEL LEDS AND BUTTONS
All control buttons and status LEDs are located on the front of the appliance:

Figure 2-2: Front LEDs and buttons

ITEM FEATURE DESCRIPTION

A System ID button with When pressed, it toggles the ID LEDs on the front and back of the
integrated LED (green) appliance.

B Halt button When pressed, it puts the server in a halt state so that the memory can
be downloaded for diagnostics

C Onboard LAN LED Indicates NIC activity for each of the two onboard network interfaces.
(green)

D System cold-reset button When pressed, it reboots the appliance.

E HDD activity/ fault LED Indicates HDD activity when green, or an HDD fault when red. This is an
(green/red) aggregated indication for all hard disk drives in the system. Each hard
disk contains its own activity and fault indicators.

F System status Indicates system status as follows:

(green/red) • Steady green indicates system in standby or ready for operation.
• Blinking green indicates degraded operation (e.g., power supply
nonredundancy, part of system memory mapped out by BIOS).
• Blinking red indicates one or more non-critical fault conditions.
• Steady red indicates one or more critical fault conditions.

G Power button with
integrated LED (green)
When pressed, it toggles the system power. When continuously lit,
indicates the presence of power supply output power in the appliance.
The LED turns off when the power supply is turned off or the power
source is disrupted.
Table 2-2: Front LEDs and buttons

6 Copyright 2003-2018 Tufin Software Technologies Ltd. | T-1100 Quick Start Guide
 REAR PANEL

Figure 2-3: Rear view of the T-1100 appliance

ITEM DESCRIPTION ITEM DESCRIPTION

A Power supply 1 F RJ45 serial port

B Power supply 2 G 3 USB 3.0 ports

C Onboard LAN (eth0) H RJ45 Remote Management Module (RMM); For more about
this interface, go to the Tufin Knowledge Center at:
https://forum.tufin.com/support/kc

D Onboard LAN (eth1) I External NIC (eth3)

E Video connector J External NIC (eth2)

Table 2-3: Rear view of the T-1100 appliance

For assistance, please call 1-877-270-7711 or email: support@tufin.com 7

 Chapter 3: Setting Up

SETTING UP THE T-1100

Note: The appliance has a predefined IP address. Before racking the appliance,
make sure to change the IP address either in the first-time wizard (as described
in step 4 below), or via a console connection (see Advanced CLI
Configuration on page 15) in CLI. For CLI instructions see:
https://forum.tufin.com/support/kc/latest/1584.htm
To set up the T-1100:
Step 1: Connecting the Power Cable and Power On
1. Connect the power cable.
2. Boot up the appliance by pressing the Power button on the front panel.
Step 2: Connecting to the T-1100
Connect a network cable to the eth0 (NIC1) port (Figure 2-3, item C), and to a
PC (with a crossover cable) or to a local network that is in the same subnet as
the eth0 port. If you haven't changed it, this is: 192.168.1.100/24
Step 3: Configuring Tufin Orchestration Suite
By default, SecureTrack and SecureChange/SecureApp are enabled. To
change these settings:
1. Open a command line via SSH to the IP address of eth0 (if you haven't
changed it: 192.168.1.100).
2. Log in as: root, with password: system
3. Run the following command:
tos conf
and follow instructions.
If you have disabled SecureTrack and will not be using it on this appliance, skip
to Step 5.
Step 4: (SecureTrack only) Logging into SecureTrack, and Initial Configuration
1. To access SecureTrack with Microsoft Internet Explorer, Mozilla Firefox or
Google Chrome, browse with https to the IP address of eth0. If you have not
changed the IP address, browse to: https://192.168.1.100
2. Accept the certificate.
3. The login window appears. Log in as: admin, with password: admin, and
click Login:

8 Copyright 2003-2018 Tufin Software Technologies Ltd. | T-1100 Quick Start Guide
 4. The SecureTrack Setup Wizard will start at this point. The wizard includes the
following pages:

Login: For security reasons, change the admin password:

For assistance, please call 1-877-270-7711 or email: support@tufin.com 9

 EULA: Accept the End User License Agreement:

Password: Type: system for the Old Password of the TufinOS root user, and
change the password:

10 Copyright 2003-2018 Tufin Software Technologies Ltd. | T-1100 Quick Start Guide
 Networking (optional):

Date & Time:

For assistance, please call 1-877-270-7711 or email: support@tufin.com 11

 User Details: The admin user’s details.
Username and password cannot be changed in this page.

Notifications: SMTP settings for SecureTrack email notifications:

12 Copyright 2003-2018 Tufin Software Technologies Ltd. | T-1100 Quick Start Guide
 License: Installing a license is optional at this stage. To receive a license,
please contact your Tufin reseller.

Finish: Click Save to complete the installation wizard:

For assistance, please call 1-877-270-7711 or email: support@tufin.com 13

 Step 5: (SecureChange only) Logging into SecureChange
1. If SecureTrack is disabled, and you haven’t gone through the SecureTrack
Setup Wizard, use standard Linux commands in TufinOS to do the following:
• Configure interface settings according to your networking needs (eth0 may
still have the preconfigured IP address of 192.168.1.100). For instructions, go
to: https://forum.tufin.com/support/kc/latest/1584.htm
• Change the root password. For instructions, go to:
https://forum.tufin.com/support/kc/latest/1585.htm
• Set the time, time zone, and date. For instructions, go to:
https://forum.tufin.com/support/kc/latest/1024.htm
• (Optional) Configure NTP. For instructions, go to:
https://forum.tufin.com/support/kc/latest/1021.htm
2. To access the SecureChange Administration Console, browse to:
https://<host>/securechangeworkflow
where <host> is the IP address or resolvable name of the T-series appliance.

14 Copyright 2003-2018 Tufin Software Technologies Ltd. | T-1100 Quick Start Guide
 3. Log in as: admin, with password: admin
To further configure SecureChange, see the SecureChange User Guide, at:
https://forum.tufin.com/support/kc/latest/sc_userguide.htm
For instructions on adding devices to be monitored, see the SecureTrack User’s
Guide, at:
https://forum.tufin.com/support/kc/latest/st_userguide.htm
To add SecureTrack on this appliance to a distributed deployment, see the
SecureTrack User's Guide, at:
https://forum.tufin.com/support/kc/latest/2456.htm

ADVANCED CLI CONFIGURATION

CLI access can be achieved by console connection or through SSH access. To
use a console connection, configure the terminal to match the following
appliance console port settings:
• 57600 bits per second
• 8 Data bits
• Parity: None
• Stop bit: 1
• Flow Control: None

For assistance, please call 1-877-270-7711 or email: support@tufin.com 15

 Chapter 4: Restoring Factory Defaults
You can restore the factory defaults on the appliance by using the provided USB
flash drive.
Warning! Restoring factory defaults will delete all information on the
appliance including database records, backup files and logs.
1. Backup the Tufin Orchestration Suite databases (SecureTrack and
SecureChange) by running:
tos backup <backup_filename>
Save the backup file on external storage, because the output file will be
deleted from the appliance when you restore factory defaults.
2. Run:
st version
and:
scw version
Record the build numbers to refer to when you restore the backup files.
3. Insert the USB flash drive into the USB port (Figure 2-1, item B), and reboot
the appliance by pressing the Power button or by typing reboot.
The appliance automatically boots from the USB Flash Drive.
Note: If the appliance does not boot automatically from the USB Flash Drive,
you may need to configure the BIOS boot option to do so.
4. Once the appliance is up, you are prompted to specify what console is used.
Enter kvm for KVM switch/monitor and keyboard, or serial for serial
console.
If there is no reply within 60 seconds, all installation messages are directed to
the serial console.
5. Before the installation program resets the system, you will be advised that all
data will be removed from the appliance. Select OK to restore factory
defaults.
TufinOS is installed, after which you are prompted to reboot the appliance.
Make sure to first remove the USB flash drive, or the appliance will boot from
it again. The appliance reboots with factory default settings.
6. Download the latest Tufin Orchestration Suite package from the Tufin Support
site (www.tufin.com/support) and copy it to your appliance.

16 Copyright 2003-2018 Tufin Software Technologies Ltd. | T-1100 Quick Start Guide
 7. Log onto the appliance command line as: root, with password: system
The TOS installation package can be found under the /root directory of the
appliance, in the following filename format:
tos-<TOS_version#>-<TOS_build#>-release.run
For example: tos-RXX-X-XXXXX-release.run
Install Tufin Orchestration Suite by running:
sh <filename>
For example: sh tos-RXX-X-XXXXX-release.run
8. (Optional) To restore the databases from the backup file, run:
tos restore --st –scw --sa <backup_filename>
Note: To restore the backup file you must have the same TOS build running
on the appliance as during backup. If you do not have the correct TOS build,
contact Tufin support.
9. If you are going to be working with the freshly installed databases (that is, you
did not restore databases from a backup file), follow the instructions in
Chapter 3:Setting Up on page 7, from Step 2 onwards.

For assistance, please call 1-877-270-7711 or email: support@tufin.com 17

 The Next Step
You now have the basics you need in order to get started. The next step is to
gain more in depth knowledge of your Tufin software.
You can find complete Tufin documentation at:
https://forum.tufin.com/support/kc

Support
You can login to our support portal to get more technical information or to open
a support request at:
http://www.tufin.com/support
If you need immediate assistance, please call: 1-877-270-7711

Tufin at a Glance

Offices: North America, Europe and Asia-Pacific

Customers: More than 1,500 in over 50 countries

Leading verticals: Finance, telecom, energy and utilities, healthcare, retail,

education, government, manufacturing, transportation and auditors

Channel partners: More than 240 Worldwide

Technology Partners: Amazon Web Services, BMC, Blue Coat, Check Point,
Cisco, F5 Networks, Fortinet, Intel Security, Juniper Networks, Palo Alto
Networks, VMware and more

Trademarks
©2017 Tufin Technologies Ltd.
Tufin, Unified Security Policy, Tufin Orchestration Suite and the Tufin logo are
trademarks of Tufin. All other product names mentioned herein are trademarks or
registered trademarks of their respective owners.

18 Copyright 2003-2018 Tufin Software Technologies Ltd. | T-1100 Quick Start Guide
 Security Policy Orchestration

www.tufin.com
v.11 Copyright 2003-2017 Tufin Software Technologies Ltd. | T-1100/1100XL Quick Start Guide