Tufin has released R19-2, the second version of the Tufin Orchestration Suite in 2019. TOS 19-2 is available as GA now, delivering some improvements, e.g.

Change Automation and Orchestration

  • SecureChange
    Enhancements for the "Clone Server Policy" Workflow. They include zero-touch automation for Designer, Policy Update and Commit Policy Changes for all supported devices. Addtionally, support for NSX-V has been added.
  • SecureChange
    The Desgner now can be configured to implement changes in Access Requests as before (optimized policy), but also to implement each Access Request in separate rules. On demnad, this can also be requested by users.
  • SecureChange
    The Workflow "Modify Group" supports now Check Point objects with dual stack (IPv4 / IPv6)
  • SecureTrack, SecureChange
    Support of Fortinet Web Filter allows more visibility on rules that have configured it. So auditing is improved. End-to-End change automation is possible for current and Next Generation Fortinet configurations.
  • SecureChange
    Support of Dual Stack Objects (IPv4/IPv6) in Modify Group Workflow for Check Point R80
  • SecureChange
    Requester Notifications can be sent to AD groups, not only to individuals

Security, Risk and Compliance

  • SecureTrack, SecureChange
    Updated NextGen Applications Library for Palo Alto.
  • SecureTrack
    Improved Troubleshooting using advanced path analysis queries that contain multiple IP addresses
  • SecureTrack, SecureChange
    Protection against CSRF (Cross-Site Request Forgery) attacks (not currently supported for Microsoft Internet Explorer 11)

 Devices and Platforms

  • SecureTrack
    Support of Cisco ACI regarding "Enhanced Visibility", "Enhanced Topology Modeling", and "Risk Assessment".
  • SecureTrack
    Support of Palo Alto Panorama High Availability
  • SecureTrack
    Suppport of Palo Alto Panoramy External Dynamic List (EDL) Support
  • SecureTrack
    Support of Palo Alto Fully Qualified Domain Names
  • SecureTrack, SecureApp
    Policy Browser allows mapping of SecureApp Connections to rules for Cisco FMC, Fortinet FortiManager, and Palo Alto Panorama in Advanced Mode
  • SecureTrack
    Support of Check Point CloudGuard for Azure
  • Support of new devices:
    • Cisco Firepower Management Center (FMC) 6.3
    • Cosco ASA 9.13 beta


  • Improvements for SecureTrack
    • Automatic onbording of Management Devices via API has been added for Palo Alto Panorama and Fortinet FortiManager (both in advanced management mode) as well as Cisco ASA including import/update of virtual contexts
    • Adding / Updating of single or multiple devices is possible now for Palo Alto Panorama and Fortinet FortiManager (both in advanced management mode) as well as Cisco ASA including import/update of virtual contexts
  • Improvements for SecureTrack/SecureChange
    • Support for Palo Alto Panorama External Dynamic List (EDL) data has been added
  • Improvements for SecureChange
    • The results for the Clone Server Policy can be retrieved via API
  • Improvements for SecureTrack/SecureChange/SecureApp
    • The serialization implementation for JSON is now complete for all SecureTrack, SecureChange and SecureApp REST APIs.


Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com