Tufin has officially released TOS R25-1. It's the first version of the Tufin Orchestration Suite of 2025.
TOS R25-1 is available as GA and can be downloaded from the Tufin Portal (authentication required).
Some improvements in TOS R25-1:
Change Monitoring, Automation, and Orchestration
- SecureTrack
When looking at the revision history, comments can now be added. This feature is available for GCP, Meraki, Arista and other OPM devices.
- SecureTrack
In cloud environments, syslogs sent via TCP can now be encrypted with TLS.
- SecureTrack
Based on Network Configuration, a mapping of zones to interfaces (MZTI) is now supported. This is useful when working with USPs.
- SecureChange
The user experience for "generic workflows" has been improved by introducing a new design and a panel for "Ticket Properties".
- SecureChange
It's possible to automate userID from Network Tickets to Next Generation Firewalls like Panorama and FortiManager.
- SecureChange
Further improvements in SecureChange SLA allow pausing, resuming, and resetting the SLA of tickets. Non-handler users can be excluded from the SLA, so the time used by handler teams can be calculated more accurately.
- SecureApp
Applications may now include connections using LDAP user groups from specified networks.
- TufinMate
Tufin's AI Assistant is now generally available. It supports troubleshooting network issues and opening Access Request tickets via Microsoft Teams using natural language, and Microsoft Copilot is supported for asking questions about Topology.
Devices and Platforms
- Arista EOS
The Linux-based network operating system for clouds is now officially supported. It's supported for Topology (e.g. VxLAN, MPLS, VPN) for IPv4 as well as IPv6, and for USP as well as Change Automation.
- AWS
Unused Security Group (SG) rules across AWS environments are now recognized, so rule analytics, last-hit information in Rule Viewer, and Security Best Practice reports are available.
- Azure
USPs can now be used for Azure Network Security Groups (NSGs). This might increase the security level of the cloud.
- Azure
Azure Network Security Groups (NSGs) with Application Security Groups (ASGs) are now supported by the Designer in Access Request Workflows, so changes can be automated, too.
- Check Point
Check Point Last Hit Information is shown in the Rule Viewer for objects in rules. It's therefore now possible to identify unused objects in rules.
- Cisco Meraki
Automatic Target selection in SecureChange is now supported for Cisco Meraki, including USP checks before implementation.
- OPM
OPM (Open Policy Management) devices can be integrated into TOS. Designer support for this kind of device has now been added in Access Request Workflows.
- VMware
NSX-T Gateway Firewalls can now be integrated into SecureTrack, so the policies and their revisions are visible, shown in Topology, and checked against USPs.
- VMware
NSX-T in Azure VMware Solution (AVS) is supported. It allows extending the on-premises VM environment to Microsoft Azure.
- Zscaler Internet Access (ZIA)
ZIA devices are now supported by SecureTrack. They are shown in SecureTrack Topology (including VPN), and NGFW objects like URL categorization as well as FQDNs are supported.
- Zscaler Internet Access (ZIA)
SecureTrack Rule Viewer shows rules and last-hit information. Additionally, reports can identify unused rules and objects.
Tufin Appliances
- Tufin G4 (T800 / T1200) & G4.5 (T820 / T1220) appliances can be connected to two different switches to provide them with Link Redundancy.
Further improvements, as well as corrections, are included in R25-1.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com