Tufin Orchestration Suite 24-1

Details
Category: Version update

Tufin has released TOS R24-1, the first version of the Tufin Orchestration Suite of 2024. It enforces the "new licensing" as R23-2 started to do. Licensing is enforced following the Solution Tiers. So before an upgrade be sure that you have all active devices licensed, the license activated and not using a temporary license.
TOS R24-1 is available as GA and can be downloaded from the Tufin Portal (authentication required).
Some improvements of TOS R24-1:

Change Monitoring, Automation, and Orchestration

  • SecureTrack
    Some improvements have been integrated into Rule Viewer. It affects e.g. group rules or the increased limit for rule actions.
  • SecureTrack
    The Rule Viewer allows a new TQL operator: "intersect". It locates rules whose SRC or DST intersect with a given IP, subnet, or range.
  • SecureTrack
    Shadowed rules shown in Rule Viewer can now be selected to get further information.
  • SecureTrack
    A USP template for PCI-DSS 4.0 is integrated, allowing to follow the latest PCI-DSS Standard.
  • SecureTrack
    Regarding USPs, now violations of Azure Firewall Rules are considered.

  • SecureChange
    Searching for tickets has been updated to a new look-and-feel. This affects "free search" as well as "detailed search".
  • SecureChange
    Palo Alto Panorama and ACI integration with DAG-based ACI EPG tags in their Panorama security policies allow to automate changes with SecureChange workflow tools.
  • SecureChange
    Palo Alto rules and access requests whose source includes both UserID (LDAP Groups) and IP addresses are supported now.

  • SecureApp
    A custom validation script is available for SecureApp, allowing to ensure some important properties like e.g. object names, USP compliance.

Deployment

  • TOS CLuster
    New default alerts are available to check e.g. file system usage and database status. These TOS Cluster Health Alerts offer simpler monitoring. 

Devices and Platforms

  • Azure
    For Azure FW and NSG rules some enhancements for Cleanup have been published

  • Cisco
    Cisco Meraki can be added to SecureTrack using proxy authentication
  • Cisco
    Besides the on prem support of Cisco FMX, now Cisco Cloud-Delivered FMC is supported, too

  • Google Cloud
    From this version on, GCP is incorporated into SecureTrack Topology
  • Google Cloud
    GCP projects can be added to SecureTrack using proxy authentication

  • Palo Alto
    Panorama Managed Prisma Access is incorporated into SecureTrack Topology
  • Palo Alto
    Palo Alto Device Groups that manage Palo Alto Cloud NGFW on Azure are now supported
  • Palo Alto
    Palo Alto VM series on GCP is supported, delivering full functionality

API Improvements

  • SecureChange
    The SecureChange Reporting API has been introduced. It allows more granular reporting about tickets and step events

 

Further improvements, as well as corrections, are included in R24-1.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com