Today Tufin released the latest version of the Tufin Orchestration Suite: TOS 17-2 is now available as a GA version. It delivers several improvements, e.g.

Cloud:

  • SecureTrack for Azure Resource Manager
    Working with VNETs and NSGs for the Azure Resource Manager Cloud Environment

Security Change Automation and Orchestration:

  • Separation of steps for Design and Provisioning
    Both are done by the Designer, but separate teams can work with different duties (Design Team, Provisioning Team).
  • Full Automation for Palo Alto Panorama NGFW Security Profile Groups using Content-ID
    Zero-Touch end-to-end automated changes for PAN NGFW policies that include Security Profile Groups and Content-ID Inspection
  • Full Automation for Palo Alto Panorama NGFW Log Forwarding Profiles
    Zero-Touch end-to-end automated changes for PAN NGFW policies that include Log Forwarding Profiles.
  • End-to-end Server Decommission Automation
    Working with Designer and Provisioning for Check Point R80/R80.10, Palo Alto Panorama, Cisco ASA, Cisco IOS, Juniper SRX, and Fortinet FortiManager

Security Risk and Compliance:

  • Unified Security Policy (USP) Alerts
    It's possible to use USP alerts in SecureTrack now.

Devices and Platforms:

  • Support of Cisco Firepower Management Center (FMC) by SecureTrack
  • Full Cross-Suite Support of Check Point R80.10
  • Support of Palo Alto Dynamic Access Group (DAG) Objects for VMware NSX by SecureTrack and SecureChange
  • Support of Fortinet Fortigate 5.4.4 and FortiManager 5.4.3
  • Support of Juniper JM/MX 13.3
  • Support of Palo Alto Panorama PanOS 8.0.1

REST API:

  • SecureTrack: additional_parameters API (parameter: type), devices API (parameter: sort), rule_search API (parameter: start, count)
  • USP Alerts: creation, modification, retrieval and deletion with Unified Security Policy Alerts commands
  • Better modification of Designer Suggestions using the command modify designer suggestion

 

Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com

The new and first GA version in 2017 of the Tufin Orchestration Suite (TOS) is available: 17-1.
This GA Version delivers some improvements, e.g.

Cloud:

  • USP Based Security Groups in SecureTrack
    Dynamic micro-segmentation policies for cloud environments, USP Policies that are not based on specific IP addresses and simplified compliance and risk analysis
  • AWS Direct Connect Support
    Integration of AWS Direct Connect in Topology, including the interfaces

Security Change Automation and Orchestration:

  • Zero-touch, end-to-end full automation for Palo Alto Panorama UserID (NGFW)
  • End-to-end Rule Decommission workflow with Provisioning
  • Cisco ASA IPv6 Change Automation

Security, Risk and Compliance:

  • Rules and Objects Report support for Panorama Device Groups Policies
  • Palo-Alto Pre- and Post-rules Marked in Policy Browser
  • Rules and Objects Report support for FortiManager ADOM Policies

Application Management:

  • IPv6-based Application Management

Devices and Platforms:

  • Forcepoint (formerly Stonesoft SMC): Support of Stonesoft SMC 6.1
  • Juniper: Support of SRX 12.3x48

REST API:

  • LDAP
    Retrieve the base DN entry, details about a specific DN below the base DN entry, search for all entries that match (EXACT, CONTAINS, STARTS_WITH, ENDS_WITH) a specific string, or search for entries that exactly match a set of strings.
  • Network Zone Manager - Patterns
    Retrieve, create, and modify security group patterns for identifying violations.
  • Rule Decommission Designer Results and Provisioning Commands
    Retrieve Designer results and Provisioning commands for Rule Decommission.

 

Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com

As of today (Feb. 20th, 2017), the new version of the Tufin Orchestration Suite (TOS) is available: 16-4.
This GA Version delivers some improvements, e.g.

Cloud:

  • Cisco ACI Support
    Monitor ACI Platform as a device, Manage ACI Application Profiles in SecureApp, Integration in Tufin Unified Security Policy (USP), etc.
  • Cloud Tag Policy (SecureTrack)
    Defining a tag policy as part of Tufin USP for AWS or via APIs for any cloud platform supported by Tufin plus further options

Security Change Automation:

  • Zero-touch End-to-End Automation for Check Point R80
  • Updated Palo Alto NGFW Application IDs
  • Rule Decommission in a cross-suite workflow
  • Server Decommission for Cisco ASA/IOS and Juniper SRX delivers the required commands, which can be applied via copy/paste
  • Fully automated Server Decommission is possible for Cisco ASA and Juniper SRX
  • Palo Alto Panorama Post-Rule Automation
  • New Role Permission: View handlers of my requests
  • New SecureChange E-Mail Template: Request automatically closed

Security, Risk and Compliance:

  • Policy Browser is now located on the HOME tab
  • Enhancements for the Policy Browser

Application Management:

  • Application Connection Search
  • Performance Improvement for SecureApp

Devices and Platforms:

  • Check Point: Full Support of R80, including MDS, CMA, and SmartCenter
  • Forcepoint: Support of Stonesoft SMC 6.1 using 5.10 APIs
  • Forcepoint: Enhancements in Stonesoft IPv6 support
  • Fortinet: Support of FortiManager and FortiGate 5.2.9
  • Fortinet: FortiManager 5.4 and 5.4.1 NAT Support

 

Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com

The latest version of Tufin Orchestration Suite (TOS) is now 16-3. This GA Version delivers some improvements for its software parts, e.g.

Cloud:

  • AWS Security Groups are automatically recommended per required access
  • Changes are automatically verified per required access

Security Change Automation:

  • New Role in SecureChange allowing "Assign tickets to any handler"
  • "Modify Group" allows adding/removing IP ranges now
  • Designer suggestion is shown in Policy Context, i.e. suggested changes are shown in existing policy
  • Palo Alto Networks Panorama Device Group Policy Automation
    • Automatic selection of Device Group per required access
    • Automatic risk/compliance Analysis
    • Automatic Change Design and Provisioning incl. AppID
    • Automatic verification after changes
  • REST API now allows exporting Designer results
  • Designer CLI

Security and Compliance:

  • Rule Documentation (Policy Browser) now allows searching for disabled rules
  • Palo Alto Networks Panorama Device Group integration
    • Changes are tracked and monitored
    • Full visibility into Panorama Device Group hierarchy
    • Full integration into Policy Browser (including rule usage information)
    • Cleanup support
    • Integration into SecureTrack Unified Security Policies
    • Reports are possible
    • Support of Tufin SecureTrack Topology
    • SecureApp connection status monitoring (currently not for AppID)

Application Management:

  • Introduction of application-centric User Permissions

Devices and Platforms:

  • Juniper: Topology Support for Virtual Routers in SRX Routes
  • Fortinet: Support of FortiManager 5.4.1
  • VMware: Support of NSX 6.2.4
  • F5: F5 12-1 is supported by TOS, but no iApps
  • Cisco: Support of ASA

 

Further improvements and corrections are included.

The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com

Today, Tufin has published the second Major Release of TOS in 2016. Therefore it's called 16-2. Please find some information about changes in this version below.
This version includes some improvements, e.g.:

  • Optional configuration of the user interface without Adobe Flash components
  • Enhanced syslog support, up to 150k syslogs per second
  • Improvements regarding Distributed Architecture

Cloud:

  • Provisioning of AWS Security Groups, policy changes to AWS and built-in risk analysis checks
  • Unified Security Policy for AWS

Automation:

  • End-to-End Automation support for FortiManager ADOM Policies in SecureChange, incl. Risk Analysis, Designer, Provisioning, Server Decommissioning
  • Configurable Designer Suggestions regarding objects selected
  • REST API now allows changing the ownership of a Closed Ticket

Security and Compliance:

  • Find permissive Rules using the Rule Documentation feature to optimize policies
  • REST API allows configuring Flow Exceptions in a Unified Security Policy

Devices and Platforms:

  • Fortinet:
    Full support of FortiManager 5.4 using ADOM Policies
  • Palo Alto:
    Support of Panorama 7.1 regarding Devices using Device Groups
  • Cisco:
    Cisco CSM 4.8 and 4.9 are now certified to work with TOS
  • Cisco:
    Cisco ASA 9.5 is now certified to work with TOS
  • Forcepoint:
    Stonesoft 5.10 is certified to work with TOS

 

Changes regarding SecureTrack:

  • Unified Security Policy for AWS
  • Analysis and Optimization of Policies using Rule Permissiveness Level
  • IPv6 Support for Stonesoft Devices, Definition of IPv6 Zones in Zone Manager is possible now
  • Filtering of Cisco ASA passwords is possible (optional)
  • Support of FortiManager 5.4 managing Devices using ADOM Policies
  • Managing Devices using Device Groups in Palo Alto Panorama 7.1 is possible
  • The REST API allows retrieving matching rules for Unified Security Policy exceptions as well as configuring flow exceptions in the Unified Security Policy

Changes regarding SecureChange:

  • Provisioning of AWS groups
  • End-to-End Automation for FortiManager
  • Configurable Designer Suggestions - Object Selection
  • View of additional Palo Alto Network Fields
  • IPv6 Support for Stonesoft Policies and for Risk Analysis in Unified Security Policies

Changes regarding SecureApp:

  • View of additional Palo Alto Network Fields
  • Support of FortiManager ADOMs
  • IPv6 support allowing security compliance checks for violations to IPv6 Zones

 

Further improvements and corrections are included.

The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com

Situation

Tufin delivers new versions quite often. If you are working with TOS and all your requirements are fulfilled, fine. But sometimes an upgrade is recommended, e.g. if there are new features you want or support is needed. Tufin Support will very likely recommend an upgrade if you have a problem with a very old version.

Upgrades can't always be done in place. In particular, upgrading TufinOS from version 1.x to 2.x requires a fresh install of the OS.
We mostly do upgrades in virtualized environments. Using snapshots, it's easy to restore the older version if something goes wrong.

The upgrade path

Example: Starting with TufinOS 1.1x and TSS 6.1.
To upgrade from version 6.x to R16-1, these steps are recommended:

  • Upgrade to version R12-6
  • Upgrade to TufinOS 1.17 (if not done before)
  • Upgrade to version R13-3 GA
  • Upgrade to version R14-1 GA
  • Upgrade to version R14-3 GA
  • Install TufinOS 2.11 and R14-3 GA. Then migrate the configuration to this version using backup/restore.
    If an upgrade of TufinOS isn't possible, upgrade to PSQL version 9.
  • Upgrade to R15-1 GA
  • Upgrade to TufinOS 1.21 - only needed if TufinOS 1.x is still in use
  • Upgrade to R15-3 GA (direct upgrade to R16-1 is possible)
  • Upgrade to R15-4 GA
  • Upgrade to R16-1 GA

This procedure has been proven and should work in many situations.