Tufin has released TOS R23-2, the second version of the Tufin Orchestration Suite of 2023.
TOS R23-2 is available as GA and can be downloaded from the Tufin Portal (authentication required).
Some improvements of TOS Aurora R23-2:
Change Monitoring, Automation, and Orchestration
- SecureChange (Palo Alto Networks)
Automation for Panorama URL Categories allows design and provisioning for URL Categories also.
Rules from different devices can be added to a single ticket using the Rule Viewer. This is available for Rule Decommission, Rule Modification, and Rule Recertification tickets.
Extension Apps have been added to the SecureChange menu.
A new page for "My Requests" has been integrated into SecureChange.
Topology and Automation now support Internet Objects, that can be directly inserted into Devices by Check Point and Forcepoint.
SecureCloud now displays a risk assessment for assets exposed to the internet based on the data returned from the firewalls monitored by SecureTrack.
The Rule Viewer now offers the option to view the change history of a rule by the new tab "Rule History".
In order to monitor license consumption and accurate auditing, a mechanism for tracking the license usage is introduced. The licenses of SecureTrack+, SecurecChange+, and Enterprise can be sent automatically to Tufin. More information here.
The License Management in SecureTrack has a new user interface that can be accessed by SecureTrack Super Administrators.
New appliances for TOS are available now. They come pre-installed with TufinOS and TOS Aurora. There are two different appliances available: T-820 and T-1220.
- Operating Systems
In June 2024 CentOS 7 as well as TufinOS 3 are going to be End-of-Life. TufinOS 4 and Red Hat Enterprise Linux / Rocky Linux 8.6 are the successors. They are available for on-premise installations, cloud deployments require Rocky Linux 8.6.
- Google Cloud
Tufin now supports high availability for GCP over three availability zones.
Devices and Platforms
VMware NSX-T on AWS (VMware cloud) is supported for TOS, providing the same features as with on-prem NSX deployments.
Network Security Groups (NSG) can be used as targets in SecureChange Access Requests. The verifier is now able to check automatically implemented policies.
The deployment of TOS in Microsoft Azure is supported for very large installations also. Sizing requires help from Tufin.
- Check Point
The management of Check Point devices can be done in the cloud using Check Point Smart-1 Cloud. This is supported by Tufin now.
Cisco Viptela is now supported in SecureTrack Topology, including OMP routes as well as SD-WAN interfaces and SD-WAN labels.
The Designer now can automatically create rules with custom logging for Cisco ASA devices.
- Palo Alto Networks
Tufiin is now able to monitor Palo Alto Networks Prisma Access Policies managed by Panorama devices.
- Enhancements for SecureTrack
- A new query returns all changes made in a selected revision that affect a specific rule.
- A new query returns a list of revisions in a specific time frame that affects a selected rule.
- Enhancements for SecureTrack
- NAT information can be retrieved per revision, not only for the last revision.
- Dynamic Topology data can be retrieved from a specific device tree. This subset can be refreshed without the need of a Topology "Full Sync".
- Enhancements for SecureChange
- URL Category Zones can be set and get for path calculation and target selection.
- It is possible to run "commit now" for a specific device in a SecureChange ticket for Check Point R8x, FortiManager, and Panorama.
- Enhancements for SecureApp
- It is possible to search network objects not only by their name but also by IP address, subnet, and comment.
Further improvements, as well as corrections, are included in R23-2.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com