Version update

Today, Tufin has published the second Major Release of TOS in 2016. Therefore it's called 16-2. Please find some information about changes in this version below.
This version includes some improvements, e.g.:

  • Optional configuration of the user interface without Adobe Flash components
  • Enhanced syslog support, up to 150k syslogs per second
  • Improvements regarding Distributed Architecture

Cloud:

  • Provisioning of AWS Security Groups, policy changes to AWS and built-in risk analysis checks
  • Unified Security Policy for AWS

Automation:

  • End-to-End Automation support for FortiManager ADOM Policies in SecureChangen, incl. Risk Analysis, Designer, Provisioning, Server Decomissioning
  • Configurable Designer Suggestions regarding objects selected
  • REST API allows the change of ownership of a Closed Ticket is possible now

Security and Compliance:

  • Find permissive Rules using the Rule Documentation feature to optimize policies
  • Rest API allows to configure Flow Exceptions in a Unified Security Policy

Devices and Platforms:

  • Fortinet:
    Full support of FortiManager 5.4 using ADOM Policies
  • Palo Alto:
    Support of Panorama 7.1 regarding Devices using Device Groups
  • Cisco:
    Cisco CSM 4.8 and 4.9 are now certified to work with TOS
  • Cisco:
    Cisco ASA 9.5 is now certified to work with TOS
  • Forcepoint:
    Stonesoft 5.10 is certified to work with TOS

 

Changes regarding SecureTrack:

  • Unitied Security Policy for AWS
  • Analyzing and Optimization of Policies using Rule Permissiveness Level
  • IPv6 Support for Stonesoft Devices, Definition of IPv6 Zones in Zone Manager is possible now
  • Filtering of Cisco ASA passwords is possible (optional)
  • Support of FortiManager 5.4 managing Devices using ADOM Policies
  • Managing Devices using Device Groups in Palo Alto Panorama 7.1 is possible
  • Using REST API allows to get matching rules for Unified Security Policy exceptions as well as to configure flow exceptions is the Unified Security Policy

Changes regarding SecureChange:

  • Provisioning of AWS groups
  • End-to-End Automation for FortiManager
  • Configurable Designer Suggestions - Object Selection
  • View of additional Palo Alto Network Fields
  • IPv6 Support for Stonesoft Policies and for Risk Analysis in Unified Security Policies

Changes regarding SecureApp:

  • View of additional Palo Alto Network Fields
  • Support of FortiManager ADOMs
  • IPv6 support allowing security compliance checks for violations to IPv6 Zones

 

Further improvements and corrections are included.

 The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com

 

Situation

Tufin delivers new versions quite often. If you are working with TOS and all your requirements are fulfilled - fine. But sometimes an upgrade is recommended, e.g. if there are new features you want or support is needed. It's quite sure that Tufin Support will recommend an upgrade if you have a problem with a version which is very old.

Upgrades can't always be done inplace. Esp. when upgrading TufinOS from version 1.x to 2.x a fresh install of the OS is needed.
We do upgrades mostly running in virtualized environments. Using Snapshots it's easy to restore the older version if something went wrong.

The upgrade path

Example: Starting with TufinOS 1.1x and TSS 6.1
To upgrade from version 6.x to R16-1 these steps are recommended

  • Upgrade to version R12-6
  • Upgrade to TufinOS 1.17 (if not done before)
  • Upgrade to version R13-3 GA
  • Upgrade to version R14-1 GA
  • Upgrade to version R14-3 GA
  • Install TufinOS 2.11 and R14-3 GA. Then migrate the configuration to this version using backup/restore.
    If an upgrade of TufinOS isn't possible, upgrade to PSQL version 9.
  • Upgrade to R15-1 GA
  • Upgrade to TufinOS 1.21 - only needed if still TufinOS 1.x is used
  • Upgrade to R15-3 GA (direct upgrade to R16-1 is possible)
  • Upgrade to R15-4 GA
  • Upgrade to R16-1 GA

This procedure has been proven and should work in many situations.

 

 

Parallel to the Check Point CPX in Nice, Tufin has released version 16-1 GA. Until now, the first HF is available, too.
Please find some information about changes in this version below.

This version includes some improvements, e.g.:

  • New Cloud Features for AWS, e.g. automated Connectivity Modeling for AWS Applications, policy based analysis of connections, connection discovery of applications and much more
  • New Cloud Features for NSX, e.g. NSX Application Map

Changes regarding SecureTrack:

  • PaloAlto:
    Support of Palo Alto rule tags, security profiles and log profiles
  • Fortinet NAT:
    Support vo VIP, IP Pool and Destination Interface NAT as far as the Gateway is managed by FortiManager
  • Check Point:
    Full Support of Check Point R77.30 Management
  • Cisco:
    Support of ASA 9.5
  • Upgrade of HTTPD and JMS Server from TLSv1 to TLSv1.2
  • Improvements regarding the Unified Security Policy (USP). Further requirements can be added now, e.g. Logging required, no ANY as Source, Destination, Service, etc.
  • In Rule Base Optimization now a rule can be marked as "legacy". If SecureChange would recommend a change to this rule, it's ignored and a new rule will be defined. This is for optmization of "old and complex" rule bases.
  • Improvements of the REST API, esp. regarding Authorization and Compare of rule bases.

Changes regarding SecureChange:

  • The Designer has been improved, esp. when there are more than one Access Request in a ticket.
  • Visual presentation of rules in the Designer
  • The REST API now offers options for "Modify Group", exclusion of Devices and more. Please find an extended online documetation of the REST API in SecureChange now.
  • Import of Access Requests is now possible for "Comment" and "Action" also

Changes regarding SecureApp:

  • Introduction of a Connectivity Map for a graphical view of all connections affecting an application, regardless of involved devices.
  • Improved support of AWS applications
  • Improvements of the REST API, esp. for AWS

Further improvements and corrections are included.

 

The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com

 

Page 5 of 5