Tufin Orchestration Suite 19-1

Details
Category: Version update

Tufin has released R19-1, the first version of the Tufin Orchestration Suite in 2019. TOS 19-1 is available as GA now, delivering some improvements, e.g.

  • Interactive Map of SecureTrack allows to save queries now. This allows administrators to save the most important path queries and to re-use them again
  • SecureApp has been optimized for color-blind access. It's compatible with corresponding industry standards now.

Change Automation and Orchestration

  • SecureChange
    Clone Server Policy Workflow allows easy duplication of access permissions when new servers are introduced. This might also help when a server is moved from one address to another.
    Supported platforms are Cisco ASA, Cisco Firepower, Check Point R80 (CMA, SmartCenter, MDS), Fortinet FortiManager advanced and Palo Alto Panorama advanced
  • SecureChange
    Enhanced sorting of selections when adding or removing components. This might help e.g. when an assingment to some users / groups is done. The box for selecting / deselecting them can be sorted not only by name but also by "add" or "clear". This is relevant for "Access Request" and "Clone Server Policy" workflows.

Security, Risk and Compliance

  • SecureTrack, SecureChange
    Map Ticket to Rule is a new feature that maps a fully or paritally implemented ticket to rules. This mapping is based on results of the Verifier.
  • SecureChange
    Enhancements for "Legacy Rules". The Designer now places changes above a legacy rule now only if the legacy rule traffic intersects the Access Request traffic. Until now, this was done always.
  • SecureTrack
    Enhanced USP allows to automatically trigger a violation for IP addresses that are not explicitely included in any USP. They can easily be added to relevant zones.
  • SecureTrack
    A new network zone called "Unassociated Networks" is predefined. It includes all private IP addresses that are not defined in any other zone. This is the "private equivalent" to the predefined zone "Internet". It's used in SecureTrack as well as SecureChange and SecureApp.

 Devices and Platforms

  • SecureTrack
    NAT support for Palo Alto Panorama advanced to track changes on NAT rules
  • SecureTrack
    URL Filtering Support for Palo Alto Panorama advanced to track changes in URL Category
  • SecureTrack
    Cisco Nexus VXLAN Routing Support is implemented now and shown in the Interactive Map
  • SecureTrack
    Routes configured in Juniper MX Router Devices can be selected now, i.e. if there are many dynamic routes specific networks and routes can be added / deleted which might increase router performance
  • SecureChange
    "Server Decommission" is supported now for Global Objects defined in Check Point MDS
  • Support of new devices:
    • Check Point R80.20 (Check Point API version 1.1)
    • Forcepoint SMC 6.5 (SMC API version 6.4)
    • Fortinet FortiManager 6.0.2

REST API

  • Improvements for SecureTrack
    • Unified Returned JSON Array Format is completed now
    • Panorama Firewall Name to Rule- and Policy-related API (PolicyTargetDTO)
    • Adding Devices via API is possible now (for Check Point R77, Cisco ASA without Virtual Contexts, more to follow)
    • Get Panorama URL Categories
    • Compare Traffice Between Devices
    • Service Object Search
    • Modify Unified Security Policy via API is possible now
  • Improvements for SecureChange
    • Clone Server Policy Request DTO
    • Reject Ticket via API
    • Map Rules to Ticket

 

Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com