Tufin Review

Provides important rule and policy visibility for teams outside of the firewall group

What is our primary use case?

We primarily use SecureTrack for viewing and tracking changes to policies.

How has it helped my organization?

This has helped us to better clean up and audit changes to the firewall policy. Also, giving access to the other teams without giving them direct access to the firewalls, themselves, is very helpful.

This solution has also saved our architects time. They are unable to view the firewall policy directly, so they use this product to find the rules that they need. If something is being moved then they can easily create a document that has all of the existing rules.

What is most valuable?

The most valuable feature is to give people outside of the firewall group access to view the policy. Tracking is the most useful feature for us, right now. It saves time but I cannot give an estimate as to how much.

The visibility is good. We can see the policies and what changes need to be made, based on the report.

What needs improvement?

When viewing the policy there are a lot of Check Point user's inline rules, and you don't see those in our policies. It just labels them from top-down. We use a lot of inline rules, and it would be beneficial to see those from within Tufin. 

What do I think about the stability of the solution?

Overall the system is stable, and we have had no issues configuring it with our firewalls, or otherwise.

What do I think about the scalability of the solution?

It is scalable in the sense that we use a lot of policies and we haven't run into any limits yet.

How are customer service and technical support?

The solution has been pretty straightforward and I haven't had to contact tech support. Again, we're not using all of the features so perhaps that is why. I do know that there are plans to use the SecureApp and SecureChange in the future, but the trust isn't there yet for us to push down those changes.

If you previously used a different solution, which one did you use and why did you switch?

We did not use a solution prior to this one, but we needed Tufin to give access to other teams to view the policies. We did not want to give them direct access to the firewall management system.

How was the initial setup?

I would say that the initial setup was of medium difficulty. I and one other engineer completed it, and it wasn't too difficult.

The deployment, in total, took more than a year. This included bringing in every single firewall policy and making sure that it was updating and tracking.

What about the implementation team?

We handled the deployment in-house.

Which other solutions did I evaluate?

We did not evaluate other options before choosing this solution, and I don't know who else is competing in this space with exactly the same features as Tufin.

What other advice do I have?

We don't use SecureChange at the moment, although hopefully, we can get to it in the future.

With respect to having this solution automatically clean up our firewall policies, we run the report but we don’t always push those changes on. We consider the recommendations but review it manually ourselves. This does point out what we can get rid of, and where we can optimize it. Once we have the trust of our team to push these changes automatically it will be implemented, but we're not ready for that yet.

Part of the reason is that we want to be in control of the firewall policy changes. We don't want developers or anybody recommending what we should be doing.

If somebody is looking to integrate a ticketing system, and not push changes directly through their firewall management system, and they would like a third-party verifier and checker then I don't know any other products that can do that. This is especially true for Check Point firewalls, and Palo Alto.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
See how Tufin can simplify your network security management

Find out how automation and orchestration of security policy management can help you increase agility and efficiency, while reducing risks and ensuring compliance and audit readiness. Request a Tufin demo today.

Add a Comment
Sign Up with Email