www.tufin.club

In April, Tufin has released TufinOS 4.70, based on Rocky Linux 8.10 latest versions. 
It includes Kernel version 4.18.0-553.89.1.el8_10.x86_64 and 105 updated RPMs. TufinOS includes now 755 RPMs in total. 

TufinOS is available for Tufin Appliances Gen 4.0 (T-800, T-1200), as well as Gen 4.5 (T-820, T-1220) and the new Gen 5.0 applicances (T-900, T-1300). 
It cannot be deployed on Gen 3.5 appliances T-1100XL and T-1100 (!)
As before, the supported hypervisor is VMware. 

TufinOS is available in the Download Section of the Tufin Portal: https://portal.tufin.com (authentication required).

 

Since many years it's possible to configure SLAs for SecureChange Workflows. In earlier times, there was no option to disregard e.g. weekends. So if a step needed to be completed within 2 days, a problem was there during weekends: Step started on Friday afternoon and not worked on until Monday. 

Today, a granular configuration is possible. It's done in SecureChange via Menu > Settings > SecureChange > Miscellaneous

As shown above, it's possible to define business hours as well as business days. Additionally, there is an option to import / export further dates like e.g. public holidays. When exporting the list as CSV file, it should not be edited in Excel - the import will fail afterwards. It's recommended to modify this file with a simple editor like Notepad++ or similar. Then, the import is usually successful.
Please find below a sample for 2026 (Germany) that you can copy, modify and import into your TOS installation. 

"name","from_date_yyyy-mm-dd","to_date_yyyy-mm-dd","comment"
"New Year's Day","2026-01-01","2026-01-01","Neujahr"
"Twelfth Day","2026-01-06","2026-01-06","Heilige Drei Könige (nicht überall)"
"Good Friday","2026-04-03","2026-04-03","Karfreitag"
"Easter","2026-04-05","2026-04-06","Ostern"
"Labor Day","2026-05-01","2026-05-01","Tag der Arbeit"
"Ascension Day ","2026-05-14","2026-05-14","Christi Himmelfahrt"
"Pentecost","2026-05-25","2026-05-26","Pfingsten"
"Feast of Corpus Christi","2026-06-04","2026-06-04","Fronleichnam (nicht überall)"
"Feast of the Assumption","2026-08-15","2026-08-15","Mariä Himmelfahrt (nicht überall)"
"German Unity Day","2026-10-03","2026-10-03","Tag der deutschen Einheit"
"All Saints' Day","2026-11-01","2026-11-01","Allerheiligen (nicht überall)"
"Christmas","2024-12-24","2025-12-26","Weihnachten"
"New Year's Eve","2026-12-31","2026-12-31","Silvester"

 

 

 

Nearly since the first versions of Tufin SecureTrack, Check Point Management-HA has been supported by Tufin. The requirements at that time were not as high as today and the software has been much more simple than today. 

In an earlier article about Check Point Management-HA some restrictions of SecureTrack have been pointed out (regarding e.g. Ticket-IDs or certification dates for rules). Today, there are further "specialities" when using the Rule Viewer. 
Actual versions don't consider the mechanism of Check Point Management-HA (not even in the data base). So if two Management Servers are connected to SecureTrack, each rule is shown twice (also if the secondary Management is imported correctly to SecureTrack using https://<ST>/tools). 

Following Tufin Support, the official workaround is to filter also for the Device ID of one of the two Check Point Management Servers. And, it's recommended to open a Request for Enhancement (RFE) asking Tufin to improve the functionality when Check Point Management-HA is deployed. 

 

 

 

 

Tufin has released a new generation of appliances for TOS. 
They incluce enterprise-grade hardware and deliver sufficient resources to run Tufin's solution. Two appliances are available:

T-900 (R470XL Platform)

  • Processor
    1 x Intel® Xeon® 6 Performance 6521P, 2.6GHz
    (24 physical cores; 48 threads)
  • RAM
    256GB DDR5-6400 RDIMM (8 x 32GB)
  • Data Storage
    Data SSD: 1.92 TB (2 x 1.92 TB RAID1)
    ETCD SSD: 800 GB (2 x 800 GB RAID1)

T-1300 (R670SL Platform)

  • Processor
    2 x Intel® Xeon® 6 Performance 6515P 2.3GHz
    (32 physical cores; 64 threads)
  • RAM
    256GB DDR5-6400 RDIMM (16 x 16GB)
  • Data Storage
    Data SSD: 7.68 TB (4 x 3.84 TB RAID10)
    ETCD SSD: 800 GB (2 x 800 GB RAID1)

Please refer to here for getting more detailed information. 

 

 

 

Tufin has released TufinOS 4.60, based on Rocky Linux 8.10 latest versions. 
It includes Kernel version 4.18.0-553.74.1.el8_10.x86_64 and 188 updated RPMs. TufinOS includes now 741 RPMs in total. 

TufinOS is available for Tufin Appliances Gen 3.5 (T-1100, T1100-XL), Gen 4.0 (T-800, T-1200), as well as Gen 4.5 (T-820, T-1220). 
Supported hypervisor is (as before) VMware. 

TufinOS is available in the Download Section of the Tufin Portal: https://portal.tufin.com

 

 

 

Tufin has officially released TOS R25-2. It's the second and final version of the Tufin Orchestration Suite of 2025. 
TOS R25-2 is available as GA and can be downloaded from the Tufin Portal (authentication required).
Some improvements of TOS R25-2:

Change Monitoring, Automation, and Orchestration

  • SecureTrack
    Legacy reports in SecureTrack now use a 64-bit process, delivering better performance esp. for devices with a large number of rules and objects

  • SecureTrack
    A Rule Optimizer allows to deliver hints how to tighten the rule base, based on real-time traffic logs, for AWS, Azure NSGs and Zscaler ZIA

  • SecureTrack
    The Topology Map now supports generic policy-based routing (PBR) in the Path Analysis. PBR rules of monitored devices can be defined, edited, monitored and mapped. 

  • SecureChange
    The Rule Recertification Workflow has got some improvements, including a better UI and certification history

  • SecureChange
    The Designer now has a new interface for Access Requests involving changes on OPM devices, Azure NSGs, Azure firewalls, Zscaler ZIA, Huawei, Versa and others

Devices and Platforms

  • TufinOS
    TufinOS is now available as an Amazon Machine Image (AMI) in the AWS Marketplace

  • Azure
    Starting with R25-2 PHF1, Microsoft Azure Subscriptions for a given Tenant can be onboarded very simple, allowing Azure Subscriptions to be managed and monitored in an easy way

  • Azure
    Starting with R25-2 PHF2, Azure VNET is going to be imported automatically, enabled for individual subscriptions

  • Azure and OPM devices
    Change automation is possible for access requests involving Azure NSGs and OPM devices

  • AWS
    Management of AWS accounts at organizational level is possible now, also automatically

  • Cisco
    Cisco ACI endpoint security groups (ESGs) are supported now in object and contract comparisons, change tracking, and ESG-based path analysis in the Topology Map

  • Cisco
    For Cisco FMC Tos now takes AppID and URL category into account, improving also path analysis

  • Cloud
    Checking compliance with USPs is now also possible for AWS, GCP and Azure network security groups installed on a NIC

  • Palo Alto
    Palo Alto Networks external dynamic lists (PAN EDLs) are supported now, alloing e.g. filtering by IP in the Rule Viewer

  • Zscaler
    Zscaler ZIA is now integrated into SecureChange, allowing automatic Target selection in Access Requests as well as Risk Analysis and the use of Designer and Verifier

Administration

  • Installation 
    When installing TufinOS on VMware ESXi, the disk setup considers the separation of ETCD as part of the configuration workflow

  • Updates
    When installing a patch, from now on it isn't necessarily the complete package that is installed. Tufin has optimized TOS for being able to receive (smaller) hotfixes also

  • Remote Collector
    From now on, Remote Collectors automatically recover after disaster recovery switchover and restore of the central cluster

Further improvements, as well as corrections, are included in R25-2.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com