Tufin Orchestration Suite R17-2 Offers Automation of Critical Firewall Tasks


Tufin, provider of Network Security Policy Orchestration solutions, has announced the release of Tufin Orchestration Suite R17-2 with automation for firewall administration tasks.

Put simply, the release is designed to reduce the demand on the firewall administrator’s time, but still ensure that a high security posture is maintained.

The release also delivers some new abilities advancing network security policy management of Cisco Firepower, VMware NSX, Microsoft Azure, Check Point R80.10 and Palo Alto Networks Panorama solutions.

The task of server decommissioning can of course be a tedious process, prone to errors due to lack of insight into how server removal affected the performance and security of a network.

With R17-2, Tufin says it is the first vendor to add automated server decommissioning to the previously released automation of rule decommissioning, making the firewall administrator’s life easier, but still ensuring security is maintained.

The latest product release enables enterprises to:

  • Automatically identify policy rules and objects that need to be changed or removed across all affected firewalls, routers, and cloud platforms
  • Understand server usage and the impact of server decommissioning on the overall firewall policies before decommissioning the server
  • Implement changes directly to eliminate redundant, unused, or unnecessary access that can lead to a security breach
  • Verify that changes were implemented as required by ensuring full documentation and auditability for rule and server decommissioning

“There are inherent security risks with granting legacy access when re-using servers,” says Ofer Or, VP, Products at Tufin. “Our latest product update addresses this by helping enterprises to answer an important security question: ‘What does this server do, and why is it here?’ The addition of server decommissioning to the existing feature of rule decommissioning is the first step in the journey towards full automation of critical firewall tasks. The two features together form a powerful tool that supports firewall optimisation, heightens security, and increases business agility.”


Support for VMware NSX Automation

With the release, Tufin announced automated policy-based management for VMware NSX with automated provisioning coming in the company’s next product release, R17-3. The latest product release, R17-2, provides end-to-end change automation for Palo Alto Networks Panorama policies with dynamic address group (DAG) objects that reference VMware NSX security groups.

The integration enables users to:

  • Track and monitor changes on Palo Alto Networks Panorama policies to establish a greater understanding of policy changes that are integrated with an NSX environment
  • Gain audit insight using comprehensive rule visibility for Palo Alto Networks rules and policies integrated with VMware NSX


First NSPM Vendor to Support Cisco Firepower Management Centre

Tufin Orchestration Suite R17-2 is described as the first network security policy management (NSPM) solution to support Cisco Firepower management console, domains, and firewalls. The joint solution enables users to centrally manage security policies across Cisco Firepower and the hybrid network, providing enhanced visibility and control over Cisco Firepower policies with Tufin’s policy browser and object lookup.

“Tufin’s support for Cisco Firepower Management Centre is the latest advancement of our long-standing partnership,” says Pamela Cyr, SVP, business development at Tufin. “With our newest product enhancements, the next-generation firewall protection and management capabilities of Cisco Firepower Management Centre are now integrated with Tufin’s search and browsing capabilities. The resulting solution provides the necessary visibility and increased security that our joint customers demand.”

Tufin’s support for Cisco Firepower Management Centre allows joint customers to:

  • Centrally manage security policies across Cisco Firepower and the hybrid network
  • Gain visibility and control with Tufin’s policy browser and object lookup as well as with change monitoring for Cisco Firepower policies
  • Validate the migration from Cisco ASA to Cisco Firepower Threat Defense

Tufin Orchestration Suite R17-2 also features:

  • Support for Microsoft Azure Resource Manager (RM)
  • Gain visibility of security and connectivity changes across Microsoft Azure RM virtual networks (VNETs) and network security groups (NSGs) and the rest of the hybrid network
  • Enhanced alert capabilities for violations of Tufin’s Unified Security Policy, supporting the enforcement of continuous compliance with internal and industry regulations
  • Updated change automation for Palo Alto Networks Next-Generation Firewall policies, including the ability to automate rules with ContextID (security profile groups) and rules with log forwarding profiles
  • Support for Check Point R80.10

Tufin Orchestration Suite R17-2 is available now.


  • Show Comments

Your email address will not be published. Required fields are marked *

comment *

  • name *

  • email *

  • website *