Sounds like nobody else is interested in this issue, but just in case someone else will work with Tufin in the future... You can safely edit XML configuration file and add/reorder missing interfaces (I haven't tried to remove an interface yet, but I guess it works); just for the record, missing interfaces were created before a PANOS upgrade, the only ones listed into VSYS were those we added after such upgrade. Tufin needs a little bit of hammering: according to Tufin support, SecureTrack should have detected the new interfaces after a restart of the corresponding service [root@tufin]# st stat | grep <FW-NAME> <FW-NAME> 10.0.0.1 23 Palo Alto Networks - evaluation Started Once you know the id of the firewall, e.g. 23, you restart corresponding process [root@tufin]# st restart 23 Stopping SecureTrack process for server <FW-NAME> - 10.0.0.1 (Id: 23) SecureTrack process stopped for server 10.0.0.1 (Id: 23) Error: Can't connect to remote host using URL 'https://localhost/securetrack/api/devices/deviceChanged'. reason: Operation timed out after 300000 milliseconds with 0 bytes received Since I got above error message and Tufin did not detect newer configuration, I restarted again the service corresponding to <FW-NAME> from GUI (Settings-Administration menu) and the interfaces were properly detected, as well as the new configuration file. In order to fix Tufin network topology, however, I had to restart Tufin server (shutdown -r) and now I can see <FW-NAME> in SecureTrack map. So long
... View more