Tufin Security Policy Orchestration

Solution Overview
This lab represents a demo and sandbox environment for the Tufin Orchestration Suite. 

Tufin provides the ability to control and manage the security policy (i.e., network policy) across multiple platforms through a single pane of glass. Tufin supports all major enterprise firewalls and next-generation firewalls (NGFW) as well as networking devices such as switches, routers and load balancers. It also supports Software-Defined Data Centers (SDDC) and the leading cloud platforms.

The Tufin Orchestration Suite consists of three components: SecureTrack, SecureChange and SecureApp. These components are covered in detail within the lab guide.

There are also three linked videos that cover each of the components in detail. These videos go over many of the same topics that are covered within the lab guide.

Goals & Objectives

The primary goal for this lab is to familiarize the user with the features and functionality of the Tufin Orchestration Suite (TOS). The lab guide provides a guided walkthrough of the TOS. The lab can also be used as a sandbox environment to facilitate additional learning and testing. 

After completing this lab, the user will know how to:
  • Use Tufin SecureTrack to easily review firewall rules to identify unsafe rules, shadowed rules and other firewall cleanup opportunities.
  • Use Tufin SecureTrack to set and help enforce a zone-based, vendor-agnostic network security policy.
  • Use Tufin SecureTrack to view network topology and determine if specific traffic is allowed between two network locations.
  • Use Tufin SecureChange to request, design and implement firewall changes to multiple devices in a guided, automated manner.
  • Use Tufin SecureApp to define an application-centric network connectivity map, and then automatically implement the necessary firewall rules across all devices to enable the application's connectivity.

Hardware & Software

This lab is entirely virtual. It includes an instance of the Tufin Orchestration Suite, as well as virtual instances of the following network devices that can be managed via Tufin:
  • Check Point Gateway (2x).
  • Cisco ASAv (1x).
  • FortiGate (1x).
  • Palo Alto NGFW (2x).
  • Symantec Blue Coat Proxy (Tufin provides policy visibility only; no changes to policy).

Tufin Security Policy Automation Overview

Tufin SecureTrack Overview
Time: 32:07
This video provides a high-level overview of the Tufin Orchestration Suite (TOS) with a focus on SecureTrack. The TOS is a policy-centric solution for automatically analyzing risk, designing, provisioning and auditing network security changes. The TOS supports all major network vendors and provides a single pane of glass to view and manage network policy.


Tufin SecureChange Overview
Time: 22:00
This video provides a high-level overview of Tufin SecureChange, which is a component of the Tufin Orchestration Suite (TOS). SecureChange increases agility and auditability for the network security change process.


Tufin SecureApp Overview
Time: 15:45
This video is a quick overview of Tufin SecureApp, one of the many components included within Tufin Orchestration Suite.


Total Time: 1:09:52