INFOBLOX & TUFIN INTEGRATION TEMPLATES, DEPLOYMENT GUIDE, SOLUTION NOTE & DEMO VIDEO
Hello,
The combined power of Infoblox and Tufin working together helps empower actionable insight into the entire infrastructure, discovering security risks quicker and more accurately and investigating and ranking security policies, all while improving on the organization’s security and compliance.
Infoblox provides Tufin with resources such as networks and potential threats and, in exchange, Tufin gets improved management on networks and security risks, including the ability to create policies and keep companies within compliance with the data received through Infoblox. The integration with Infoblox and Tufin allows faster policy management and more insight into the entire network.
Tufin offers Infoblox networks improved management on the Infoblox DDI and keeps Infoblox in compliance with policies set by the organization through Tufin. Tufin can add networks to any network view inside Infoblox, allowing further control of the network structure and policies from a single hub on Tufin.
Don’t forget to check out the Video for deploying and using the Tufin integration:
The templates require extensible attributes described in the table below. It is recommended to inherit attributes with the default values from the network view level.
| Extensible Attributes | Description | Type |
|---|---|---|
| Tufin_Last_Incident | Contains the last date and time when an asset had an incident sent from Infoblox | String |
| Tufin_Send_Incident | Defines if an asset should send an incident if RPZ, ADP or DNS Tunneling events occur | List (true, false) |
| Tufin_Sync | Defines if a network should be synced with Tufin. | List (true, false) |
| Tufin_SyncTime | Contains date/time when the network was synchronized. | String |
| Tufin_Zone | Defines a List of possible Tufin zones to push networks from Infoblox. | List (Tufin Zone) |
| Tufin_Sync_Zones | Defines a List of possible Tufin zones to be synced to an Infoblox Network View. | List (Tufin Zones) |
In the attached documents you will find the templates for the Tufin integration in txt format. The templates are provided “as-is” and should be tested in your lab environment and modified as needed before implementing them into production. Here you will find the link to the deployment guide for the Tufin integrations: https://www.infoblox.com/resources/deployment-guides/integration-with-tufin
Here is the Solution Note: https://www.infoblox.com/resources/solution-notes/simplifying-the-management-network-security-zone-policy-with-infoblox-tufin
Answers
-
Hi
We have implemented your templates and are using the Network_Sync template for updating zones configured in Infoblox to Tufin. But we run into an error if we add a new network. We got these messages in the debug log:
(DEBUG): Executing step Check_If_Modify (1)
(DEBUG): Found a/an AND condition step!
(DEBUG): Evaluating statement: MODIFY == MODIFY
(DEBUG): Evaluating statement: != Tufin-Zone-A
(DEBUG): The condition matched!
(DEBUG): Executing the eval block
(DEBUG): An error has occurred while processing a template
(DEBUG): Variable E: previous_values sub-addressing cannot be executed successfully, please verify the indexes / keys passed are correct (last key tried: "<a complex substitution inner selector>" in "<a complex variable>")
Do you have an idea what's going wrong?
Thanks
Jens
0 -
Based on the logs looks like you are trying to modify a network.
(DEBUG): Evaluating statement: MODIFY == MODIFY
Is it a new or existing network on the IPAM side?
0 -
Hello Gottel,
Looks like you have some strange variable inside your extensible attribute. Would you mind sharing the variables you have for Tufin_Zone, and also share the debug log for what you have in the L namespace? You can do it with this step:
{
  "name": "Debug",
  "comment": "DebugOnStart",
  "operation": "NOP",
  "body": "${XC:DEBUG:{L:}}"
},
I believe there may be something wrong with the "Previous value" that is causing this issue; however, I can't be certain unless I see it.
0 -
The network is an existing one.
0 -
Hi all
I adapted the "tufin_Asset.txt" template:
{
  "name": "Check_If_Modify",
  "operation": "CONDITION",
  "condition": {
    "condition_type": "AND",
    "statements": [
      {
        "left": "${E:A:operation_type}",
        "op": "==",
        "right": "MODIFY"
      },
      {
        "left": "${E:A:previous_values{extattrs}{Tufin_Zone}{value}}",
        "op": "!=",
        "right": "${E:A:values{extattrs}{Tufin_Zone}{value}}"
      },
      {
        "left": "${E:A:previous_values{extattrs}{Tufin_Zone}{value}}",
        "op": "!=",
        "right": ""
      }
    ],
    "else_eval": "${XC:COPY:{L:Zone}:{E:values{extattrs}{Tufin_Zone}{value}}}${XC:COPY:{L:Zone}:{E:values{extattrs}{Tufin_Zone}{value}}}${XC:COPY:{L:Zone_2}:{E:values{extattrs}{Tufin_Zone}{value}}}${XC:COPY:{L:Zone_2}:{E:values{extattrs}{Tufin_Zone}{value}}}",
    "else_next": "Get_Zone_ID",
    "eval": "${XC:COPY:{L:Zone}:{E:previous_values{extattrs}{Tufin_Zone}{value}}}${XC:COPY:{L:Zone}:{E:previous_values{extattrs}{Tufin_Zone}{value}}}${XC:COPY:{L:Zone_2}:{E:values{extattrs}{Tufin_Zone}{value}}}${XC:COPY:{L:Zone_2}:{E:values{extattrs}{Tufin_Zone}{value}}}"
  }
},
And the second adaption after the section "Check_If_Inserted_Event":
{
  "name": "Check_If_Modify_Inserted_Event",
  "comment": "Check_If_Modify_Inserted_Event",
  "operation": "CONDITION",
  "condition": {
    "condition_type": "AND",
    "statements": [
      {
        "left": "${E:A:operation_type}",
        "op": "==",
        "right": "MODIFY"
      },
      {
        "left": "${E:A:previous_values{extattrs}{Tufin_Zone}{value}}",
        "op": "!=",
        "right": ""
      }
    ],
    "next": "Check_If_IPv6_Skip_Check"
  }
},
This allows me to sync the existing networks to Tufin, without any errors. Maybe you want to update your template after testing my solution.
Thanks
Jens
0
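An added example, not part of the original posts or of the Infoblox templates: a small Python model of the lookup that fails in the debug log above, showing how the extra `previous_values ... != ""` statement keeps Check_If_Modify away from the branch that reads a missing key. The event dictionaries are constructed, and the modelled behaviour (a missing value comparing as an empty string, and a two-statement condition before the adaptation) is an assumption inferred from the log line ` != Tufin-Zone-A`.

```python
import re

PREV = "previous_values{extattrs}{Tufin_Zone}{value}"
CUR = "values{extattrs}{Tufin_Zone}{value}"
# Paths each branch of Check_If_Modify copies with no fallback (from the posted step).
BRANCH_READS = {"eval": [PREV, CUR], "else_eval": [CUR]}

# Constructed events; only the fields the template addresses are modelled.
EVENT_ZONE_CHANGED = {
    "operation_type": "MODIFY",
    "previous_values": {"extattrs": {"Tufin_Zone": {"value": "Tufin-Zone-A"}}},
    "values": {"extattrs": {"Tufin_Zone": {"value": "Tufin-Zone-B"}}},
}
EVENT_ZONE_FIRST_SET = {
    "operation_type": "MODIFY",
    "previous_values": {"extattrs": {}},  # attribute was not set before the change
    "values": {"extattrs": {"Tufin_Zone": {"value": "Tufin-Zone-A"}}},
}


def resolve(event, path):
    """Walk 'a{b}{c}' through nested dicts; return (value, first_missing_key)."""
    keys = [path.split("{", 1)[0]] + re.findall(r"\{(\w+)\}", path)
    node = event
    for key in keys:
        if not isinstance(node, dict) or key not in node:
            return None, key
        node = node[key]
    return node, None


def check_if_modify(event, guarded):
    """Return (branch taken, first key that branch cannot resolve, or None).

    guarded=False: the two statements seen in the debug log.
    guarded=True: adds the posted third statement, previous value != "".
    Assumption: a missing value compares as an empty string in the condition.
    """
    prev = resolve(event, PREV)[0] or ""
    cur = resolve(event, CUR)[0] or ""
    matched = event.get("operation_type") == "MODIFY" and prev != cur
    if guarded:
        matched = matched and prev != ""
    branch = "eval" if matched else "else_eval"
    for path in BRANCH_READS[branch]:
        _, missing = resolve(event, path)
        if missing:
            return branch, missing
    return branch, None
```

Running `check_if_modify` over events captured from the debug log before enabling a modified template shows which branch each one would take and which key, if any, would trigger the sub-addressing error.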