Tufin has released R18-3, the third version of the Tufin Orchestration Suite in 2018. TOS 18-3 is available as GA now, delivering some improvements, e.g.

Change Automation and Orchestration

  • SecuerChange
    Remove Access for VMware NSX. This kind of Workflow is available for NSX now.
  • Secure Change
    Modify Group Automation for Palo Alto Panorama Shared Objects
  • SecureChange
    Server Decommission Automation, now supported for Palo Alto Panorama Shared Objects and Cisco Firepower Management Console (FMC)
  • SecureChange
    Change Automation Enhancements for Cisco Firepower, now supporting workflows "Allow Access", "Modify Group", "Server Decommission", "Rule Decommission", and "Rule Recertification"
  • SecureChange
    Action "Commit Now" is possible in an automatic step in workflows "Access Request", "Modify Group", "Access Request and Modify Group", and "Rule Decommision" for these Devices: Palo Alto Panorama Advanced Management Mode, Fortinet FortiManager Advanced Management Mode, Check Point CMA R80. Check Point MDS R80 is only supported for "Modify Group"

Security, Risk and Compliance

  • SecureTrack
    Rule Change and Object Change Reports for Palo Alto Panorama Device Groups for Advanced Management Mode and FortiManager ADOM Policies when configured for Advanced Management Mode.
  • SecureTrack
    Enhanced Unified Security Policy (USP) Risk Analysis, e.g. configuration of Default Behavior when an IP address is not covered in the USP

Devices and Platforms

  • SecureTrack
    Fortinet FortiManager Rule Name support for FMG version 5.4 and above
  • SecureTrack
    Syslog support for Check Point R77, so traffic and audit logs can be received using LEA or syslog
  • SecureTrack
    External syslog support for VMware NSX, support of vRealize Log Insight
  • SecureTrack
    Cisco Firepower revision changes support
  • SecureTrack
    Policy-based routing (PBR) and related ACL rules support for Cisco IOS routers in the Interactive Map
  • Support of new devices
    • Cisco ASA 9.9
    • Check Point R80.20 (EA)
    • Palo Alto PanOS 8.1

REST API

  • Improvements for SecureTrack
    • Unified Returned JSON Array Format - continued
    • New Change Windows APIs
    • Get General SecureTrack Properties
    • Enhanced API for retrieving subnet information
    • Restricted pagination for Rule Search API
    • Enhanced API for Monitored Devices
    • Service Search
    • Retrieve suggested targets for an access request
  • Improvements for SecureChange
    • Commit Results
    • Modify Designer suggestion

Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com

 

 

 

 

Tufin has released R18-2, the second version of the Tufin Orchestration Suite in 2018. TOS 18-2 is available as GA now, delivering some improvements, e.g.

Cloud

  • SecureTrack
    Automatically Onboard AWS VPCs
    VPCs are automatically detected now, which covers adding or removing them.

Security Policy Change Automation and Orchestration

  • SecureChange
    Commit Policy Changes. Using this function, policies are pushed from the Management Server to the Firewalls using the Designer. Supported for Check Point, Palo Alto and Fortinet
  • SecureTrack, SecureChange
    The feature Change Windows allows to schedule time slots for committing policies from Management Server to Firewalls, including new report features
  • SecureChange
    Customizable Rule Names for FortiManager allow to define a rule name directly from the SecureChange Designer when changes are implemented.
  • SecureChange
    Change Automation Enhancements for Cisco Firepower allow to implement changes of the security policy automatically.

Devices and Platforms

  • SecureTrack
    Inline Layer Support for Check Point R80.10
  • SecureTrack
    Migrate or Delete Multiple Devices for some Cisco and Check Point Devices using “Device Bulk Tasks”
  • Support of new devices
    • VMware NSX 6.4.0
    • Cisco ASA 9.8
    • Fortinet FortiManager 5.6.3
    • Fortinet FortiGate 5.4.7 and 5.6.3
    • Forcepoint SMC 6.4
    • Palo Alto Panorama 8.1

REST API

  • Improvements for SecureTrack/SecureChange/SecureApp
    Upgrades of REST API Stanadard (JAX_RS) from 1.1 to 2.1, compliant with Java EE8 Apache CXF (which implements JAX_RS 2.1) upgraded from 2.6.16 to 3.2.1
  • Improvements for SecureTrack
    • Unified Returned JSON Array Format for these APIs:
      Get devices, Get device by Id, Add offline device, Update offline device, Get rules by device, Get specific rule, Rule Search APIs
    • Generic Devices APIs:
      Fully manage adding, deleting, or modifying generic devices to the Interactive Map via the REST APIs. New argument “update_topology”.
    • Sync Topology APIs
      Synchronization of Interactive Map by “Fast Topology Sync” or “Full Topology Snyc”
    • Generic VPN connections API
      Retrieval of a list of generic VON in the Topology Map
    • Check Point Inline Layer Support
      Parameter “include_subpolicy” allows support of this mode
    • Additional Data Returned for Check Point Devices
      API responses for “get devices”, “installed_policy” and “parent_id"
    • Filtering Service Group Members
      Optional parameter “show_members” with more information
    • Support for Pagination in USP Exceptions
      Better management of a large number of USP Exceptions
    • Retrieve Domains from SecureTrack
      New “Synchronize Domains” API retrieves all domains from SecureTrack, also synchronizing SecureChange Domains

Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com

 

 

 

Tufin has released the first version of the Tufin Orchestration Suite in 2018: R18-1. TOS 18-1 is available as GA now, delivering some improvements, e.g.

Cloud

  • SecureTrack
    Support of AWS AssumeRole as part of the AWS Security Token Service
  • SecureTrack
    Support of the latest Microsoft Azure SDK 1.2.0

Security Policy Change Automation and Orchestration

  • SecureTrack, SecureChange
    Rule Recertification Automation by a specific workflow
  • SecureTrack, SecureChange
    Cisco Firepower Automation (including Target Suggestion, Risk Analysis, Designer and Verifier)
  • SecureChange
    New Workflow Customization Triggers (e.g. when Automatic Step fails, Pre-Assignment Script)
  • SecureChange
    Enhancements for Manual Target Selection
  • SecureTrack, SecureChange
    Stealth Rule is considered now by Designer

Security, Risk, and Compliance

  • SecureTrack
    Automatic Policy Generator (APG) for Palo Alto Panorama and Fortinet FortiManager

Devices and Platforms

  • SecureTrack
    Dynamic Routing Support for Palo Alto and Fortinet
  • SecureTrack, SecureChange
    Extended Generic NAT for Palo Alto
  • SecureTrack, SecureChange
    Topology Support for Cisco Firepower
  • Support of new devices
    • Fortinet FortiManager 5.4.4
    • Fortinet FortiGate 5.2.11
    • F5 13.0
    • Cisco Security Manager 4.15
    • Cisco Firepower 6.2.3
    • Microsoft Azure SDK 1.2.0

REST API

  • Improvements for SecureTrack
    • Parameter show_members for Network Object APIs
    • Network Topology APIs for NSX
    • Retrieve Total Available Records
    • Offline Device APIs
  • Improvements for SecureChange
    • new Tickets API - Confirm

 

Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com

 

 

Tufin has released the latest version of the Tufin Orchestration Suite. So TOS 17-3 is available in its GA version, delivering some improvements, e.g.

Cloud

  • SecureChange with end-to-end Automation Support for VMware NSX
  • SecureTrack with Enhanced Cisco ACI Support
  • License visibility is given now

Security Policy Change Automation and Orchestration

  • Integration of Check Point Identity Awareness Blade Support for Policy Change Automation
  • Enhancements for "Modify Group" workflow, e.g. support of creating new groups and not modify existing only
  • Rule Decommission Automation for Juniper SRX

Security, Risk, and Compliance

  • Policy Browser Search Enhancements
  • Interactive Map Enhancements

Devices and Platforms

  • FortiManager Support Enhancements
  • Cisco Firepower Enhancements
  • Support of new devices / versions:
    • BlueCoat - SGOS 6.7.1.1
    • Cisco - ASA 9.7
    • Cisco - CSM 4.12
    • Forcepoint - SMC 6.3
    • Fortinet - FortiGate 5.6
    • Fortinet - FortiManager 5.6
    • Juniper - M/MX 13.3 R10.2, 16.1 R4
    • VMware - NSX 6.3.3
    • VMware - vCenter 6.5

REST API

  • API Support for Check Point R80 Identity Awareness
  • New Network Topology APIs
  • New Cloud Topology APIs
  • Enhanced Rule Search
  • Authentication using TACACS via REST API

 

Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com

 

 

 

 

 

 

Today Tufin has released the latest version of the Tufin Orchestration Suite. So TOS 17-2 is available in its GA version, delivering some improvements, e.g.

Cloud:

  • SecureTrack for Azure Resource Manager
    Working with VNETs and NSGs for the Azure Resource Manager Cloud Environment

Security Change Automation and Orchestration:

  • Separation of steps for Design and Provisioning
    Both is done by the Designer, but separate teams are able to work with different duties (Design Team, Provisioning Team).
  • Full Automation for Palo Alto Panorama NGFW Security Profile Groups using Content-ID
    Zero-Touch end-to-end automated changes for PAN NGFW policies that include Security Profile Groups and Content-ID Inspection
  • Full Automation for Palo Alto Panorama NGFW Log Forwarding Profiles
    Zero-Touch end-to-end automated changes for PAN NGFW policies that include Log Forwarding Profiles.
  • End-to-end Server Decommission Automation
    Working with Designer and Provisioning for Check Point R80/R80.10, Palo Alto Panorama, Cisco ASA, Cisco IOS, Juniper SRX, and Fortinet FortiManager

Security Risk and Compliance:

  • Unified Security Policy (USP) Alerts
    It's possible to use USP alerts in SecureTrack now.

Devices and Platforms:

  • Support of Cisco Firepower Management Center (FMC) by SecureTrack
  • Full Cross-Suite Support of Check  Point R80.10
  • Support of Palo Alto Dynamic Access Group (DAG) Objects for VMware NSX by SecureTrack and SecureChange
  • Support of Fortinet Fortigate 5.4.4 and FortiManager 5.4.3
  • Support of Juniper JM/MX 13.3
  • Support of Palo Alto Panorama PanOS 8.0.1

REST API:

  • SecureTrack: additional_parameters API (parameter: type), devices API (parameter: sort), rule_search API (parameter: start, count)
  • USP Alerts: creation, modification, retrieval and deletion with Unified Security Policy Alerts commands
  • Better modification of Designer Suggestions using the command modify designer suggestion

 

Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com

 

 

 

The new and first GA version in 2017 of the Tufin Orchestration Suite (TOS) is available: 17-1.
This GA Version delivers some improvements, e.g.

Cloud:

  • USP Based Security Groups in SecureTrack
    Dynamic micro-segmentation policies for cloud environments, USP Policies that are not based on specific IP addresses and simplified compliance and risk analysis
  • AWS Direct Connect Support
    Integration of AWS Direct Connect in Topology, including the interfaceS

Security Change Automation and Orchestration:

  • Zero-touch, end-to-end full automation for Palo Alto Panorama UserID (NGFW)
  • End-to-end Rule Decommission workflow with Provisioning
  • Cisco ASA IPv6 Change Automation

Security, Risk and Compliance:

  • Rules and Objects Report support for Panorama Device Groups Policies
  • Palo-Alto Pre- and Post-rules Marked in Policy Browser
  • Rules and Objects Report support for FortiManager ADOM Policies

Application Management:

  • IPv6-based Application Management

Devices and Platforms:

  • Forcepoint (formerly Stonesoft SMC): Support of Stonesoft SMC 6.1
  • Juniper: Support of SRX 12.3x48

REST API:

  • LDAP
    Retrieve the base DN entry, details about a specific DN below the base DN entry, search for all entries that match (EXACT, CONTAINS, STARTS_WITH, ENDS_WITH) a specific string, or search for entries that exactly match a set of strings.
  • Network Zone Manager - Patterns
    Retrieve, create, and modify security group patterns for identifying violations.
  • Rule Decommission Designer Results and Provisioning Commands
    Retrieve Designer results and Provisioning commands for Rule Decommission.

 

Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com