Tufin has released TOS R23-2, the second version of the Tufin Orchestration Suite of 2023.
TOS R23-2 is available as GA and can be downloaded from the Tufin Portal (authentication required).
Some improvements of TOS Aurora R23-2:
Change Monitoring, Automation, and Orchestration
- SecureChange (Palo Alto Networks)
Automation for Panorama URL Categories allows design and provisioning for URL Categories also. - SecureChange
Rules from different devices can be added to a single ticket using the Rule Viewer. This is available for Rule Decommission, Rule Modification, and Rule Recertification tickets. - SecureChange
Extension Apps have been added to the SecureChange menu. - SecureChange
A new page for "My Requests" has been integrated into SecureChange. - SecureTrack
Topology and Automation now support Internet Objects, that can be directly inserted into Devices by Check Point and Forcepoint. - SecureCloud
SecureCloud now displays a risk assessment for assets exposed to the internet based on the data returned from the firewalls monitored by SecureTrack. - SecureTrack
The Rule Viewer now offers the option to view the change history of a rule by the new tab "Rule History".
Deployment
- License
In order to monitor license consumption and accurate auditing, a mechanism for tracking the license usage is introduced. The licenses of SecureTrack+, SecurecChange+, and Enterprise can be sent automatically to Tufin. More information here. - License
The License Management in SecureTrack has a new user interface that can be accessed by SecureTrack Super Administrators. - Appliances
New appliances for TOS are available now. They come pre-installed with TufinOS and TOS Aurora. There are two different appliances available: T-820 and T-1220. - Operating Systems
In June 2024 CentOS 7 as well as TufinOS 3 are going to be End-of-Life. TufinOS 4 and Red Hat Enterprise Linux / Rocky Linux 8.6 are the successors. They are available for on-premise installations, cloud deployments require Rocky Linux 8.6. - Google Cloud
Tufin now supports high availability for GCP over three availability zones.
Devices and Platforms
- AWS
VMware NSX-T on AWS (VMware cloud) is supported for TOS, providing the same features as with on-prem NSX deployments. - Azure
Network Security Groups (NSG) can be used as targets in SecureChange Access Requests. The verifier is now able to check automatically implemented policies. - Azure
The deployment of TOS in Microsoft Azure is supported for very large installations also. Sizing requires help from Tufin. - Check Point
The management of Check Point devices can be done in the cloud using Check Point Smart-1 Cloud. This is supported by Tufin now. - Cisco
Cisco Viptela is now supported in SecureTrack Topology, including OMP routes as well as SD-WAN interfaces and SD-WAN labels. - Cisco
The Designer now can automatically create rules with custom logging for Cisco ASA devices. - Palo Alto Networks
Tufiin is now able to monitor Palo Alto Networks Prisma Access Policies managed by Panorama devices.
GraphQL API
- Enhancements for SecureTrack
- A new query returns all changes made in a selected revision that affect a specific rule.
- A new query returns a list of revisions in a specific time frame that affects a selected rule.
REST API
- Enhancements for SecureTrack
- NAT information can be retrieved per revision, not only for the last revision.
- Dynamic Topology data can be retrieved from a specific device tree. This subset can be refreshed without the need of a Topology "Full Sync".
- Enhancements for SecureChange
- URL Category Zones can be set and get for path calculation and target selection.
- It is possible to run "commit now" for a specific device in a SecureChange ticket for Check Point R8x, FortiManager, and Panorama.
- Enhancements for SecureApp
- It is possible to search network objects not only by their name but also by IP address, subnet, and comment.
Further improvements, as well as corrections, are included in R23-2.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com
