Tufin Review

We can see what changes are happening on our security devices at the moment that they're done, so if mistakes happen, we can catch them before there is a disaster.

Valuable Features

The most valuable feature is that we can see what changes are happening on all our security devices at the very moment that they're done, so if any mistakes happen, then we can catch them very quickly before there is a big disaster and outage.

Mistakes like firewall policies where people put in wrong IPs instead of allowing permits and traffic stops. That is why it is very, very important.

Improvements to My Organization

On one of my earlier deployments, I was actually able to quickly diagnose about 100 VPNs that went down because one the administrators made a wrong encryption domain in the tech point, so we were able to catch it right away as the change happened. We were able to revert the changes very, very quickly, and it did not cause a long amount of downtime.

We are able to look at any objects that are not used, rule usage, which, for wide-open rules, we can put in tracking on those rules so we can turn down the rulebase, so those are the good benefits. The rulebase actually shows the same way for all the devices, so if you have checkpoint firewalls, or if you have five load balancers, you can actually have a similar view of all this, so you can understand it very easily.

The other good part is that whenever changes happen, we have to go through change control. We can put in our changer card numbers, and then those all come in the dashboard as the changes that were done on that particular change record, so then you can correlate the changes to a particular request which was approved.

Room for Improvement

New features would be when you look for any of the rules that are unused, then I would like to see whether there was a way to also make sure that the objects that exist are actually live or not. What I mean to say is, if you have a server that you had allowed in the rulebase, and you decommission the server, now the rulebase is there, which shows their logs, but I want to make sure that the server is actually decommissioned and not still alive. If there is a way that we can check for those objects, whether those objects still are alive in the network, that would be great.

Use of Solution

I've been using the product since 2007, since its very early stages.

Stability Issues

At one time, it had processed for a year. When I was in my previous company, I had installed one of the T500 boxes, and it had actually processed about 2.7 terabytes of logs, and we were able to trim down the biggest firewall. We now do about 11,000 rules, and they had never been cleaned for about five or six years, so by the end of the whole exercise, we trimmed down the rule base to less than 300 rules.

Scalability Issues

I've used about 200+ devices. That was all the environment was, so I definitely know, talking to other customers who have thousands of devices, so it scales very well.

Customer Service and Technical Support

Technical support is great. I've worked with several people within the company.

Previous Solutions

It was straightforward. I was able to get all my firewalls and a lot of the other networking devices in less than half a day.

Other Solutions Considered

I compared it to the usability and the easy way to actually add devices. We compared it to AlgoSec and FireMon. Both of them I did not feel were very intuitive to work with, so a lot of training would be required.

Other Advice

Just buy it. Don't even think about any other product. Just buy it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
See it in Action

Schedule Your Tufin Demo Now

1 Comment
Fernando VillalobosVendor

Good feedback, as a former FireMon member I would like to invite you to test-drive v8 interface. The major critic I had past year was the interface as you mentioned was not intuitive. V8 is the next step for Policy Management Solutions. I have had users that are very happy with Tufin but at this point all users on my experience that have tested new v8 interface recognises the advantages.

10 March 16
Sign Up with Email