On this page
Installing Non-Tufin Agents and Tools
Overview
This document provides guidance for those who want to use third-party security agents on Tufin servers. While Tufin does not recommend installing such agents on a TOS dedicated server, we understand that you may choose to do so or may already have one or more agents installed. This document outlines key components and capabilities that must not be impacted by these agents.
Tufin aims to provide you with flexibility; however, due to the wide variety of third-party agents, it is your responsibility, along with your third-party provider, to ensure the proper operation and compatibility of the agent. Tufin cannot assist with application-level issues if third-party agents interfere with cluster capabilities or alter the configurations of our components.
We may update this guidance from time to time, and we encourage you to stay informed about any changes.
Affected components
If you install any kind of third-party (non-Tufin) agent, it must not affect any of the following components:
-
iptables
-
Services and ports used by TOS. See Ports and Services.
-
Performance including I/O, memory, and CPU.
-
Folders including permissions and ownership:
-
/opt/tufin/
-
/var/lib/rancher/k3s/
-
/etc/rancher/
-
-
Databases used by TOS:
-
MongoDB
-
Cassandra
-
Postgres
-
Kafka
-
neo4j
-
Disclaimer
If a third-party agent is found to be impacting the Tufin application or any of the components listed on this page, you will be required to disable the agent for Tufin to investigate the problem. If the reported problem ceases to occur after disabling the agent, Tufin support will make every effort to identify the cause of the problem. Tufin may also require the third-party agent to be disabled during maintenance procedures to avoid unexpected consequences.