Version update
- Details
- Category: Version update
Tufin has released R19-2, the second version of the Tufin Orchestration Suite in 2019. TOS 19-2 is available as GA now, delivering some improvements, e.g.
Change Automation and Orchestration
- SecureChange
Enhancements for the "Clone Server Policy" workflow. They include zero-touch automation for Designer, Policy Update and Commit Policy Changes for all supported devices. Additionally, support for NSX-V has been added.
- SecureChange
The Designer can now be configured to implement changes in Access Requests as before (optimized policy), but also to implement each Access Request in separate rules. On demand, this can also be requested by users.
- SecureChange
The "Modify Group" workflow now supports Check Point objects with dual stack (IPv4 / IPv6)
- SecureTrack, SecureChange
Support of Fortinet Web Filter gives more visibility into rules that have it configured, which improves auditing. End-to-end change automation is possible for current and Next Generation Fortinet configurations.
- SecureChange
Support of Dual Stack Objects (IPv4/IPv6) in Modify Group Workflow for Check Point R80
- SecureChange
Requester Notifications can be sent to AD groups, not only to individuals
Security, Risk and Compliance
- SecureTrack, SecureChange
Updated NextGen Applications Library for Palo Alto.
- SecureTrack
Improved Troubleshooting using advanced path analysis queries that contain multiple IP addresses
- SecureTrack, SecureChange
Protection against CSRF (Cross-Site Request Forgery) attacks (not currently supported for Microsoft Internet Explorer 11)
Devices and Platforms
- SecureTrack
Support of Cisco ACI regarding "Enhanced Visibility", "Enhanced Topology Modeling", and "Risk Assessment".
- SecureTrack
Support of Palo Alto Panorama High Availability
- SecureTrack
Support of Palo Alto Panorama External Dynamic List (EDL)
- SecureTrack
Support of Palo Alto Fully Qualified Domain Names
- SecureTrack, SecureApp
Policy Browser allows mapping of SecureApp Connections to rules for Cisco FMC, Fortinet FortiManager, and Palo Alto Panorama in Advanced Mode
- SecureTrack
Support of Check Point CloudGuard for Azure
- Support of new devices:
- Cisco Firepower Management Center (FMC) 6.3
- Cisco ASA 9.13 beta
REST API
- Improvements for SecureTrack
- Automatic onboarding of Management Devices via API has been added for Palo Alto Panorama and Fortinet FortiManager (both in advanced management mode) as well as Cisco ASA including import/update of virtual contexts
- Adding / Updating of single or multiple devices is possible now for Palo Alto Panorama and Fortinet FortiManager (both in advanced management mode) as well as Cisco ASA including import/update of virtual contexts
- Improvements for SecureTrack/SecureChange
- Support for Palo Alto Panorama External Dynamic List (EDL) data has been added
- Improvements for SecureChange
- The results for the Clone Server Policy can be retrieved via API
- Improvements for SecureTrack/SecureChange/SecureApp
- The serialization implementation for JSON is now complete for all SecureTrack, SecureChange and SecureApp REST APIs.
Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com
Tufin has released R19-1, the first version of the Tufin Orchestration Suite in 2019. TOS 19-1 is available as GA now, delivering some improvements, e.g.
- The Interactive Map of SecureTrack can now save queries. This lets administrators save the most important path queries and re-use them.
- SecureApp has been optimized for color-blind access. It's compatible with corresponding industry standards now.
Change Automation and Orchestration
- SecureChange
Clone Server Policy Workflow allows easy duplication of access permissions when new servers are introduced. This might also help when a server is moved from one address to another.
Supported platforms are Cisco ASA, Cisco Firepower, Check Point R80 (CMA, SmartCenter, MDS), Fortinet FortiManager advanced and Palo Alto Panorama advanced
- SecureChange
Enhanced sorting of selections when adding or removing components. This might help e.g. when an assignment to some users / groups is done. The box for selecting / deselecting them can be sorted not only by name but also by "add" or "clear". This is relevant for "Access Request" and "Clone Server Policy" workflows.
Security, Risk and Compliance
- SecureTrack, SecureChange
Map Ticket to Rule is a new feature that maps a fully or partially implemented ticket to rules. This mapping is based on results of the Verifier.
- SecureChange
Enhancements for "Legacy Rules". The Designer now places changes above a legacy rule only if the legacy rule traffic intersects the Access Request traffic. Until now, this was always done.
- SecureTrack
Enhanced USP can automatically trigger a violation for IP addresses that are not explicitly included in any USP. They can easily be added to relevant zones.
- SecureTrack
A new network zone called "Unassociated Networks" is predefined. It includes all private IP addresses that are not defined in any other zone. This is the "private equivalent" to the predefined zone "Internet". It's used in SecureTrack as well as SecureChange and SecureApp.
Devices and Platforms
- SecureTrack
NAT support for Palo Alto Panorama advanced to track changes on NAT rules
- SecureTrack
URL Filtering Support for Palo Alto Panorama advanced to track changes in URL Category
- SecureTrack
Cisco Nexus VXLAN Routing Support is implemented now and shown in the Interactive Map
- SecureTrack
Routes configured in Juniper MX Router Devices can be selected now, i.e. if there are many dynamic routes, specific networks and routes can be added / deleted, which might increase router performance
- SecureChange
"Server Decommission" is supported now for Global Objects defined in Check Point MDS
- Support of new devices:
- Check Point R80.20 (Check Point API version 1.1)
- Forcepoint SMC 6.5 (SMC API version 6.4)
- Fortinet FortiManager 6.0.2
REST API
- Improvements for SecureTrack
- Unified Returned JSON Array Format is completed now
- Panorama Firewall Name to Rule- and Policy-related API (PolicyTargetDTO)
- Adding Devices via API is possible now (for Check Point R77, Cisco ASA without Virtual Contexts, more to follow)
- Get Panorama URL Categories
- Compare Traffic Between Devices
- Service Object Search
- Modify Unified Security Policy via API is possible now
- Improvements for SecureChange
- Clone Server Policy Request DTO
- Reject Ticket via API
- Map Rules to Ticket
Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com
Tufin has released R18-3, the third version of the Tufin Orchestration Suite in 2018. TOS 18-3 is available as GA now, delivering some improvements, e.g.
Change Automation and Orchestration
- SecureChange
Remove Access for VMware NSX. This kind of workflow is available for NSX now.
- SecureChange
Modify Group Automation for Palo Alto Panorama Shared Objects
- SecureChange
Server Decommission Automation, now supported for Palo Alto Panorama Shared Objects and Cisco Firepower Management Console (FMC)
- SecureChange
Change Automation Enhancements for Cisco Firepower, now supporting workflows "Allow Access", "Modify Group", "Server Decommission", "Rule Decommission", and "Rule Recertification"
- SecureChange
Action "Commit Now" is possible in an automatic step in workflows "Access Request", "Modify Group", "Access Request and Modify Group", and "Rule Decommission" for these devices: Palo Alto Panorama Advanced Management Mode, Fortinet FortiManager Advanced Management Mode, Check Point CMA R80. Check Point MDS R80 is only supported for "Modify Group"
Security, Risk and Compliance
- SecureTrack
Rule Change and Object Change Reports for Palo Alto Panorama Device Groups for Advanced Management Mode and FortiManager ADOM Policies when configured for Advanced Management Mode.
- SecureTrack
Enhanced Unified Security Policy (USP) Risk Analysis, e.g. configuration of Default Behavior when an IP address is not covered in the USP
Devices and Platforms
- SecureTrack
Fortinet FortiManager Rule Name support for FMG version 5.4 and above
- SecureTrack
Syslog support for Check Point R77, so traffic and audit logs can be received using LEA or syslog
- SecureTrack
External syslog support for VMware NSX, support of vRealize Log Insight
- SecureTrack
Cisco Firepower revision changes support
- SecureTrack
Policy-based routing (PBR) and related ACL rules support for Cisco IOS routers in the Interactive Map
- Support of new devices
- Cisco ASA 9.9
- Check Point R80.20 (EA)
- Palo Alto PanOS 8.1
REST API
- Improvements for SecureTrack
- Unified Returned JSON Array Format - continued
- New Change Windows APIs
- Get General SecureTrack Properties
- Enhanced API for retrieving subnet information
- Restricted pagination for Rule Search API
- Enhanced API for Monitored Devices
- Service Search
- Retrieve suggested targets for an access request
- Improvements for SecureChange
- Commit Results
- Modify Designer suggestion
Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com
Tufin has released R18-2, the second version of the Tufin Orchestration Suite in 2018. TOS 18-2 is available as GA now, delivering some improvements, e.g.
Cloud
- SecureTrack
Automatically Onboard AWS VPCs
VPCs are automatically detected now, which covers adding or removing them.
Security Policy Change Automation and Orchestration
- SecureChange
Commit Policy Changes. Using this function, policies are pushed from the Management Server to the Firewalls using the Designer. Supported for Check Point, Palo Alto and Fortinet
- SecureTrack, SecureChange
The Change Windows feature allows scheduling time slots for committing policies from Management Server to Firewalls, including new report features
- SecureChange
Customizable Rule Names for FortiManager allow defining a rule name directly from the SecureChange Designer when changes are implemented.
- SecureChange
Change Automation Enhancements for Cisco Firepower allow changes of the security policy to be implemented automatically.
Devices and Platforms
- SecureTrack
Inline Layer Support for Check Point R80.10
- SecureTrack
Migrate or Delete Multiple Devices for some Cisco and Check Point Devices using “Device Bulk Tasks”
- Support of new devices
- VMware NSX 6.4.0
- Cisco ASA 9.8
- Fortinet FortiManager 5.6.3
- Fortinet FortiGate 5.4.7 and 5.6.3
- Forcepoint SMC 6.4
- Palo Alto Panorama 8.1
REST API
- Improvements for SecureTrack/SecureChange/SecureApp
Upgrades of REST API Standard (JAX_RS) from 1.1 to 2.1, compliant with Java EE8
Apache CXF (which implements JAX_RS 2.1) upgraded from 2.6.16 to 3.2.1
- Improvements for SecureTrack
- Unified Returned JSON Array Format for these APIs:
Get devices, Get device by Id, Add offline device, Update offline device, Get rules by device, Get specific rule, Rule Search APIs
- Generic Devices APIs:
Fully manage adding, deleting, or modifying generic devices to the Interactive Map via the REST APIs. New argument “update_topology”.
- Sync Topology APIs
Synchronization of Interactive Map by “Fast Topology Sync” or “Full Topology Sync”
- Generic VPN connections API
Retrieval of a list of generic VPN connections in the Topology Map
- Check Point Inline Layer Support
Parameter “include_subpolicy” allows support of this mode
- Additional Data Returned for Check Point Devices
API responses for “get devices”, “installed_policy” and “parent_id”
- Filtering Service Group Members
Optional parameter “show_members” with more information
- Support for Pagination in USP Exceptions
Better management of a large number of USP Exceptions
- Retrieve Domains from SecureTrack
New “Synchronize Domains” API retrieves all domains from SecureTrack, also synchronizing SecureChange Domains
Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com
Tufin has released the first version of the Tufin Orchestration Suite in 2018: R18-1. TOS 18-1 is available as GA now, delivering some improvements, e.g.
Cloud
- SecureTrack
Support of AWS AssumeRole as part of the AWS Security Token Service
- SecureTrack
Support of the latest Microsoft Azure SDK 1.2.0
Security Policy Change Automation and Orchestration
- SecureTrack, SecureChange
Rule Recertification Automation by a specific workflow
- SecureTrack, SecureChange
Cisco Firepower Automation (including Target Suggestion, Risk Analysis, Designer and Verifier)
- SecureChange
New Workflow Customization Triggers (e.g. when Automatic Step fails, Pre-Assignment Script)
- SecureChange
Enhancements for Manual Target Selection
- SecureTrack, SecureChange
Stealth Rule is considered now by Designer
Security, Risk, and Compliance
- SecureTrack
Automatic Policy Generator (APG) for Palo Alto Panorama and Fortinet FortiManager
Devices and Platforms
- SecureTrack
Dynamic Routing Support for Palo Alto and Fortinet
- SecureTrack, SecureChange
Extended Generic NAT for Palo Alto
- SecureTrack, SecureChange
Topology Support for Cisco Firepower
- Support of new devices
- Fortinet FortiManager 5.4.4
- Fortinet FortiGate 5.2.11
- F5 13.0
- Cisco Security Manager 4.15
- Cisco Firepower 6.2.3
- Microsoft Azure SDK 1.2.0
REST API
- Improvements for SecureTrack
- Parameter show_members for Network Object APIs
- Network Topology APIs for NSX
- Retrieve Total Available Records
- Offline Device APIs
- Improvements for SecureChange
- new Tickets API - Confirm
Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com
Tufin has released the latest version of the Tufin Orchestration Suite. So TOS 17-3 is available in its GA version, delivering some improvements, e.g.
Cloud
- SecureChange with end-to-end Automation Support for VMware NSX
- SecureTrack with Enhanced Cisco ACI Support
- License visibility is given now
Security Policy Change Automation and Orchestration
- Integration of Check Point Identity Awareness Blade Support for Policy Change Automation
- Enhancements for "Modify Group" workflow, e.g. support for creating new groups, not only modifying existing ones
- Rule Decommission Automation for Juniper SRX
Security, Risk, and Compliance
- Policy Browser Search Enhancements
- Interactive Map Enhancements
Devices and Platforms
- FortiManager Support Enhancements
- Cisco Firepower Enhancements
- Support of new devices / versions:
- BlueCoat - SGOS 6.7.1.1
- Cisco - ASA 9.7
- Cisco - CSM 4.12
- Forcepoint - SMC 6.3
- Fortinet - FortiGate 5.6
- Fortinet - FortiManager 5.6
- Juniper - M/MX 13.3 R10.2, 16.1 R4
- VMware - NSX 6.3.3
- VMware - vCenter 6.5
REST API
- API Support for Check Point R80 Identity Awareness
- New Network Topology APIs
- New Cloud Topology APIs
- Enhanced Rule Search
- Authentication using TACACS via REST API
Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com