Tufin Orchestration Suite 20-1
Tufin has released TOS R20-1, the first version of the Tufin Orchestration Suite in 2020. TOS 20-1 is available as GA now, delivering some improvements, e.g.
Change Automation and Orchestration
- Improvement of Rule Modification Workflow
This type of workflow has been introduced with R19-3. This version allows to create tickets to change Source and Destionation of an existing rule. With R20-1 now also Services can be added / changed / removed from a rule.
Supported devices are Check Point R80, Cisco ASA, Cisco FMC, Palo Alto Panorama, and Juniper SRX. - Enhancements in SecureApp User Permissions
More flexibility for roles and permissions in SecureApp, e.g. configuration whether users are allowed to use Server Resources in their Application Connections. Besides this, Tufin has enhanced the Security Segmentation if Interconnected Domains are configred.
Devices and Platforms
- Support of IPv6 in Topology
SecureTrack Topology supports IPv6, i.e. it can be used in the Interactive Map for e.g. paths and traffic simulation.
Supported are currently Cisco IOS-XR, Check Point R80, and Fortinet FortiManager in Advanced Mode. - Fortinet IPv6 automation in non-topology mode
If Topology isn't used in SecureChange (require e.g. manual Target selection), IPv6 objects in SecureChange Access Requests can be used in automation. So change processes can be automated working with IPv4 as well as IPv6 objects. - Enhancements for Licensing page
Some improvements have been implemented to deliver more clarity regarding available and bound licenses. - Cisco FMC Zones Support - Automation
For Cisco Firepower Management Center (FMC) devices in non-topology mode specific zone-to-zone mapping can be chosen in SecureChange Access Requests. This can also be used in automated changes. - Cisco Firepower Rule and Object Usage
The enhanced rule usage capabilities and features in SecureTrack can now be used for FMC devices, i.e. metadata for rules are calculated and shown in Policy Browser. - Palo Alto Panorama Dynamic Address Group (DAG) support with Tags
The content of Dynamic Access Groups based on Panorama Tags can be shown in SecureTrack, improving visibility and traffic analysis (also in Topology). - Hashicorp Vault Support for Amazon AWS
This option can be used to store Amazon AWS authentication credentials and to provide tight access control to the AWS. Instead of connecting directly to the AWS, SecureTrack can receive a token for authentication and communication with the AWS device. - Support of additional devices and versions
- Check Point R80.40, supporting Check Point API version 1.5
- Cisco Firepower Management Center (FMC) 6.5
- Forcepoint SMC 6.5.10
- F5 BIG IP 14.1
- Palo Alto PanOS firewall version 9.1
- Palo Alto Panorama version 9.0.4, 9.1
- VMware NSX-V version 6.4.6
REST API
- Management of Generic Interfaces, Generic Routes, and Generic VPN
New API calls are available, supporting full functionality - e.g. get Generic Interface by ID, get Generic Interfaces for a device, get Generic Route by ID, get Generic Routes for a device, get Generic VPN by ID, get Generic VPNs for a device. - Management of Device Connections for Firewalls in Transparent Mode
Managing L2 Firewalls is now integrated and possible using REST API. - Management of Ignored Interfaces
It's possible to exclude selected Interfaces from SecureTrack Topology. They can now being managed using REST API. - Device Interfaces and Domains
When working with Domains in SecureTrack, now REST API can be used to associate an interface óf a device with a Domain ID. - Cloud Management
The Interactive Map uses Clouds in some situations. Now the management of Joining Clouds can be done via REST API. - Enhancements of User Management
Management of SecureChange and SecureApp users is enhanced when REST API is used, esp. management of Groups. - Rule Modification Workflow
As shown above, Service can now be changed for a rule. This can also be done with REST API. - Ticket Search in SecureChange
Pagination can now be used in REST API to shorten response time and to limit the amount of data returned by rule search APIs.
Further improvements as well as corrections are included.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com