Tufin has released TOS R23-2, the second version of the Tufin Orchestration Suite of 2023.
TOS R23-2 is available as GA and can be downloaded from the Tufin Portal (authentication required).
Some improvements of TOS Aurora R23-2:

Change Monitoring, Automation, and Orchestration

  • SecureChange (Palo Alto Networks)
    Automation for Panorama URL Categories allows design and provisioning for URL Categories also.

  • SecureChange
    Rules from different devices can be added to a single ticket using the Rule Viewer. This is available for Rule Decommission, Rule Modification, and Rule Recertification tickets.

  • SecureChange
    Extension Apps have been added to the SecureChange menu.

  • SecureChange
    A new page for "My Requests" has been integrated into SecureChange.

  • SecureTrack
    Topology and Automation now support Internet Objects, that can be directly inserted into Devices by Check Point and Forcepoint.

  • SecureCloud
    SecureCloud now displays a risk assessment for assets exposed to the internet based on the data returned from the firewalls monitored by SecureTrack.

  • SecureTrack
    The Rule Viewer now offers the option to view the change history of a rule by the new tab "Rule History".


  • License
    In order to monitor license consumption and accurate auditing, a mechanism for tracking the license usage is introduced. The licenses of SecureTrack+, SecurecChange+, and Enterprise can be sent automatically to Tufin. More information here.

  • License
    The License Management in SecureTrack has a new user interface that can be accessed by SecureTrack Super Administrators.

  • Appliances
    New appliances for TOS are available now. They come pre-installed with TufinOS and TOS Aurora. There are two different appliances available: T-820 and T-1220.

  • Operating Systems
    In June 2024 CentOS 7 as well as TufinOS 3 are going to be End-of-Life. TufinOS 4 and Red Hat Enterprise Linux / Rocky Linux 8.6 are the successors. They are available for on-premise installations, cloud deployments require Rocky Linux 8.6.

  • Google Cloud
    Tufin now supports high availability for GCP over three availability zones.

Devices and Platforms

  • AWS
    VMware NSX-T on AWS (VMware cloud) is supported for TOS, providing the same features as with on-prem NSX deployments.

  • Azure
    Network Security Groups (NSG) can be used as targets in SecureChange Access Requests. The verifier is now able to check automatically implemented policies.

  • Azure
    The deployment of TOS in Microsoft Azure is supported for very large installations also. Sizing requires help from Tufin.

  • Check Point
    The management of Check Point devices can be done in the cloud using Check Point Smart-1 Cloud. This is supported by Tufin now.

  • Cisco
    Cisco Viptela is now supported in SecureTrack Topology, including OMP routes as well as SD-WAN interfaces and SD-WAN labels.

  • Cisco
    The Designer now can automatically create rules with custom logging for Cisco ASA devices.

  • Palo Alto Networks
    Tufiin is now able to monitor Palo Alto Networks Prisma Access Policies managed by Panorama devices.


  • Enhancements for SecureTrack
    • A new query returns all changes made in a selected revision that affect a specific rule.
    • A new query returns a list of revisions in a specific time frame that affects a selected rule.


  • Enhancements for SecureTrack
    • NAT information can be retrieved per revision, not only for the last revision.
    • Dynamic Topology data can be retrieved from a specific device tree. This subset can be refreshed without the need of a Topology "Full Sync".

  • Enhancements for SecureChange
    • URL Category Zones can be set and get for path calculation and target selection.
    • It is possible to run "commit now" for a specific device in a SecureChange ticket for Check Point R8x, FortiManager, and Panorama.

  • Enhancements for SecureApp
    • It is possible to search network objects not only by their name but also by IP address, subnet, and comment.


Further improvements, as well as corrections, are included in R23-2.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com