Version update

Details
Category: Version update

Tufin has released R19-2, the second version of the Tufin Orchestration Suite in 2019. TOS 19-2 is available as GA now, delivering some improvements, e.g.

Change Automation and Orchestration

  • SecureChange
    Enhancements for the "Clone Server Policy" Workflow. They include zero-touch automation for Designer, Policy Update and Commit Policy Changes for all supported devices. Addtionally, support for NSX-V has been added.
  • SecureChange
    The Desgner now can be configured to implement changes in Access Requests as before (optimized policy), but also to implement each Access Request in separate rules. On demnad, this can also be requested by users.
  • SecureChange
    The Workflow "Modify Group" supports now Check Point objects with dual stack (IPv4 / IPv6)
  • SecureTrack, SecureChange
    Support of Fortinet Web Filter allows more visibility on rules that have configured it. So auditing is improved. End-to-End change automation is possible for current and Next Generation Fortinet configurations.
  • SecureChange
    Support of Dual Stack Objects (IPv4/IPv6) in Modify Group Workflow for Check Point R80
  • SecureChange
    Requester Notifications can be sent to AD groups, not only to individuals

Security, Risk and Compliance

  • SecureTrack, SecureChange
    Updated NextGen Applications Library for Palo Alto.
  • SecureTrack
    Improved Troubleshooting using advanced path analysis queries that contain multiple IP addresses
  • SecureTrack, SecureChange
    Protection against CSRF (Cross-Site Request Forgery) attacks (not currently supported for Microsoft Internet Explorer 11)

 Devices and Platforms

  • SecureTrack
    Support of Cisco ACI regarding "Enhanced Visibility", "Enhanced Topology Modeling", and "Risk Assessment".
  • SecureTrack
    Support of Palo Alto Panorama High Availability
  • SecureTrack
    Suppport of Palo Alto Panoramy External Dynamic List (EDL) Support
  • SecureTrack
    Support of Palo Alto Fully Qualified Domain Names
  • SecureTrack, SecureApp
    Policy Browser allows mapping of SecureApp Connections to rules for Cisco FMC, Fortinet FortiManager, and Palo Alto Panorama in Advanced Mode
  • SecureTrack
    Support of Check Point CloudGuard for Azure
  • Support of new devices:
    • Cisco Firepower Management Center (FMC) 6.3
    • Cosco ASA 9.13 beta

REST API

  • Improvements for SecureTrack
    • Automatic onbording of Management Devices via API has been added for Palo Alto Panorama and Fortinet FortiManager (both in advanced management mode) as well as Cisco ASA including import/update of virtual contexts
    • Adding / Updating of single or multiple devices is possible now for Palo Alto Panorama and Fortinet FortiManager (both in advanced management mode) as well as Cisco ASA including import/update of virtual contexts
  • Improvements for SecureTrack/SecureChange
    • Support for Palo Alto Panorama External Dynamic List (EDL) data has been added
  • Improvements for SecureChange
    • The results for the Clone Server Policy can be retrieved via API
  • Improvements for SecureTrack/SecureChange/SecureApp
    • The serialization implementation for JSON is now complete for all SecureTrack, SecureChange and SecureApp REST APIs.

 

Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com

 

 

 

Details
Category: Version update

Tufin has released R19-1, the first version of the Tufin Orchestration Suite in 2019. TOS 19-1 is available as GA now, delivering some improvements, e.g.

  • Interactive Map of SecureTrack allows to save queries now. This allows administrators to save the most important path queries and to re-use them again
  • SecureApp has been optimized for color-blind access. It's compatible with corresponding industry standards now.

Change Automation and Orchestration

  • SecureChange
    Clone Server Policy Workflow allows easy duplication of access permissions when new servers are introduced. This might also help when a server is moved from one address to another.
    Supported platforms are Cisco ASA, Cisco Firepower, Check Point R80 (CMA, SmartCenter, MDS), Fortinet FortiManager advanced and Palo Alto Panorama advanced
  • SecureChange
    Enhanced sorting of selections when adding or removing components. This might help e.g. when an assingment to some users / groups is done. The box for selecting / deselecting them can be sorted not only by name but also by "add" or "clear". This is relevant for "Access Request" and "Clone Server Policy" workflows.

Security, Risk and Compliance

  • SecureTrack, SecureChange
    Map Ticket to Rule is a new feature that maps a fully or paritally implemented ticket to rules. This mapping is based on results of the Verifier.
  • SecureChange
    Enhancements for "Legacy Rules". The Designer now places changes above a legacy rule now only if the legacy rule traffic intersects the Access Request traffic. Until now, this was done always.
  • SecureTrack
    Enhanced USP allows to automatically trigger a violation for IP addresses that are not explicitely included in any USP. They can easily be added to relevant zones.
  • SecureTrack
    A new network zone called "Unassociated Networks" is predefined. It includes all private IP addresses that are not defined in any other zone. This is the "private equivalent" to the predefined zone "Internet". It's used in SecureTrack as well as SecureChange and SecureApp.

 Devices and Platforms

  • SecureTrack
    NAT support for Palo Alto Panorama advanced to track changes on NAT rules
  • SecureTrack
    URL Filtering Support for Palo Alto Panorama advanced to track changes in URL Category
  • SecureTrack
    Cisco Nexus VXLAN Routing Support is implemented now and shown in the Interactive Map
  • SecureTrack
    Routes configured in Juniper MX Router Devices can be selected now, i.e. if there are many dynamic routes specific networks and routes can be added / deleted which might increase router performance
  • SecureChange
    "Server Decommission" is supported now for Global Objects defined in Check Point MDS
  • Support of new devices:
    • Check Point R80.20 (Check Point API version 1.1)
    • Forcepoint SMC 6.5 (SMC API version 6.4)
    • Fortinet FortiManager 6.0.2

REST API

  • Improvements for SecureTrack
    • Unified Returned JSON Array Format is completed now
    • Panorama Firewall Name to Rule- and Policy-related API (PolicyTargetDTO)
    • Adding Devices via API is possible now (for Check Point R77, Cisco ASA without Virtual Contexts, more to follow)
    • Get Panorama URL Categories
    • Compare Traffice Between Devices
    • Service Object Search
    • Modify Unified Security Policy via API is possible now
  • Improvements for SecureChange
    • Clone Server Policy Request DTO
    • Reject Ticket via API
    • Map Rules to Ticket

 

Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com

 

 

 

Details
Category: Version update

Tufin has released R18-3, the third version of the Tufin Orchestration Suite in 2018. TOS 18-3 is available as GA now, delivering some improvements, e.g.

Change Automation and Orchestration

  • SecuerChange
    Remove Access for VMware NSX. This kind of Workflow is available for NSX now.
  • Secure Change
    Modify Group Automation for Palo Alto Panorama Shared Objects
  • SecureChange
    Server Decommission Automation, now supported for Palo Alto Panorama Shared Objects and Cisco Firepower Management Console (FMC)
  • SecureChange
    Change Automation Enhancements for Cisco Firepower, now supporting workflows "Allow Access", "Modify Group", "Server Decommission", "Rule Decommission", and "Rule Recertification"
  • SecureChange
    Action "Commit Now" is possible in an automatic step in workflows "Access Request", "Modify Group", "Access Request and Modify Group", and "Rule Decommision" for these Devices: Palo Alto Panorama Advanced Management Mode, Fortinet FortiManager Advanced Management Mode, Check Point CMA R80. Check Point MDS R80 is only supported for "Modify Group"

Security, Risk and Compliance

  • SecureTrack
    Rule Change and Object Change Reports for Palo Alto Panorama Device Groups for Advanced Management Mode and FortiManager ADOM Policies when configured for Advanced Management Mode.
  • SecureTrack
    Enhanced Unified Security Policy (USP) Risk Analysis, e.g. configuration of Default Behavior when an IP address is not covered in the USP

Devices and Platforms

  • SecureTrack
    Fortinet FortiManager Rule Name support for FMG version 5.4 and above
  • SecureTrack
    Syslog support for Check Point R77, so traffic and audit logs can be received using LEA or syslog
  • SecureTrack
    External syslog support for VMware NSX, support of vRealize Log Insight
  • SecureTrack
    Cisco Firepower revision changes support
  • SecureTrack
    Policy-based routing (PBR) and related ACL rules support for Cisco IOS routers in the Interactive Map
  • Support of new devices
    • Cisco ASA 9.9
    • Check Point R80.20 (EA)
    • Palo Alto PanOS 8.1

REST API

  • Improvements for SecureTrack
    • Unified Returned JSON Array Format - continued
    • New Change Windows APIs
    • Get General SecureTrack Properties
    • Enhanced API for retrieving subnet information
    • Restricted pagination for Rule Search API
    • Enhanced API for Monitored Devices
    • Service Search
    • Retrieve suggested targets for an access request
  • Improvements for SecureChange
    • Commit Results
    • Modify Designer suggestion

Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com

 

 

 

 

Details
Category: Version update

Tufin has released R18-2, the second version of the Tufin Orchestration Suite in 2018. TOS 18-2 is available as GA now, delivering some improvements, e.g.

Cloud

  • SecureTrack
    Automatically Onboard AWS VPCs
    VPCs are automatically detected now, which covers adding or removing them.

Security Policy Change Automation and Orchestration

  • SecureChange
    Commit Policy Changes. Using this function, policies are pushed from the Management Server to the Firewalls using the Designer. Supported for Check Point, Palo Alto and Fortinet
  • SecureTrack, SecureChange
    The feature Change Windows allows to schedule time slots for committing policies from Management Server to Firewalls, including new report features
  • SecureChange
    Customizable Rule Names for FortiManager allow to define a rule name directly from the SecureChange Designer when changes are implemented.
  • SecureChange
    Change Automation Enhancements for Cisco Firepower allow to implement changes of the security policy automatically.

Devices and Platforms

  • SecureTrack
    Inline Layer Support for Check Point R80.10
  • SecureTrack
    Migrate or Delete Multiple Devices for some Cisco and Check Point Devices using “Device Bulk Tasks”
  • Support of new devices
    • VMware NSX 6.4.0
    • Cisco ASA 9.8
    • Fortinet FortiManager 5.6.3
    • Fortinet FortiGate 5.4.7 and 5.6.3
    • Forcepoint SMC 6.4
    • Palo Alto Panorama 8.1

REST API

  • Improvements for SecureTrack/SecureChange/SecureApp
    Upgrades of REST API Stanadard (JAX_RS) from 1.1 to 2.1, compliant with Java EE8 Apache CXF (which implements JAX_RS 2.1) upgraded from 2.6.16 to 3.2.1
  • Improvements for SecureTrack
    • Unified Returned JSON Array Format for these APIs:
      Get devices, Get device by Id, Add offline device, Update offline device, Get rules by device, Get specific rule, Rule Search APIs
    • Generic Devices APIs:
      Fully manage adding, deleting, or modifying generic devices to the Interactive Map via the REST APIs. New argument “update_topology”.
    • Sync Topology APIs
      Synchronization of Interactive Map by “Fast Topology Sync” or “Full Topology Snyc”
    • Generic VPN connections API
      Retrieval of a list of generic VON in the Topology Map
    • Check Point Inline Layer Support
      Parameter “include_subpolicy” allows support of this mode
    • Additional Data Returned for Check Point Devices
      API responses for “get devices”, “installed_policy” and “parent_id"
    • Filtering Service Group Members
      Optional parameter “show_members” with more information
    • Support for Pagination in USP Exceptions
      Better management of a large number of USP Exceptions
    • Retrieve Domains from SecureTrack
      New “Synchronize Domains” API retrieves all domains from SecureTrack, also synchronizing SecureChange Domains

Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com

 

 

 

Details
Category: Version update

Tufin has released the first version of the Tufin Orchestration Suite in 2018: R18-1. TOS 18-1 is available as GA now, delivering some improvements, e.g.

Cloud

  • SecureTrack
    Support of AWS AssumeRole as part of the AWS Security Token Service
  • SecureTrack
    Support of the latest Microsoft Azure SDK 1.2.0

Security Policy Change Automation and Orchestration

  • SecureTrack, SecureChange
    Rule Recertification Automation by a specific workflow
  • SecureTrack, SecureChange
    Cisco Firepower Automation (including Target Suggestion, Risk Analysis, Designer and Verifier)
  • SecureChange
    New Workflow Customization Triggers (e.g. when Automatic Step fails, Pre-Assignment Script)
  • SecureChange
    Enhancements for Manual Target Selection
  • SecureTrack, SecureChange
    Stealth Rule is considered now by Designer

Security, Risk, and Compliance

  • SecureTrack
    Automatic Policy Generator (APG) for Palo Alto Panorama and Fortinet FortiManager

Devices and Platforms

  • SecureTrack
    Dynamic Routing Support for Palo Alto and Fortinet
  • SecureTrack, SecureChange
    Extended Generic NAT for Palo Alto
  • SecureTrack, SecureChange
    Topology Support for Cisco Firepower
  • Support of new devices
    • Fortinet FortiManager 5.4.4
    • Fortinet FortiGate 5.2.11
    • F5 13.0
    • Cisco Security Manager 4.15
    • Cisco Firepower 6.2.3
    • Microsoft Azure SDK 1.2.0

REST API

  • Improvements for SecureTrack
    • Parameter show_members for Network Object APIs
    • Network Topology APIs for NSX
    • Retrieve Total Available Records
    • Offline Device APIs
  • Improvements for SecureChange
    • new Tickets API - Confirm

 

Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com

 

 

Details
Category: Version update

Tufin has released the latest version of the Tufin Orchestration Suite. So TOS 17-3 is available in its GA version, delivering some improvements, e.g.

Cloud

  • SecureChange with end-to-end Automation Support for VMware NSX
  • SecureTrack with Enhanced Cisco ACI Support
  • License visibility is given now

Security Policy Change Automation and Orchestration

  • Integration of Check Point Identity Awareness Blade Support for Policy Change Automation
  • Enhancements for "Modify Group" workflow, e.g. support of creating new groups and not modify existing only
  • Rule Decommission Automation for Juniper SRX

Security, Risk, and Compliance

  • Policy Browser Search Enhancements
  • Interactive Map Enhancements

Devices and Platforms

  • FortiManager Support Enhancements
  • Cisco Firepower Enhancements
  • Support of new devices / versions:
    • BlueCoat - SGOS 6.7.1.1
    • Cisco - ASA 9.7
    • Cisco - CSM 4.12
    • Forcepoint - SMC 6.3
    • Fortinet - FortiGate 5.6
    • Fortinet - FortiManager 5.6
    • Juniper - M/MX 13.3 R10.2, 16.1 R4
    • VMware - NSX 6.3.3
    • VMware - vCenter 6.5

REST API

  • API Support for Check Point R80 Identity Awareness
  • New Network Topology APIs
  • New Cloud Topology APIs
  • Enhanced Rule Search
  • Authentication using TACACS via REST API

 

Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com

 

 

 

 

 

 

  • You are here:  
  • Home
  • Version update