R21-2 Aurora PHF2.0.0 Release Notes

Resolved Issues from Previous Releases

Tufin Orchestration Suite (TOS) R21-2 Aurora PHF2.0.0 includes all resolved issues listed for this release, as well as all resolved issues from the previous releases listed below.

All Resolved Issues



This release


R21-1 PHF1.1.0 Aurora

Installing/Upgrading TOS Aurora

If you have FortiManager devices in SecureTrack, after upgrading you are going to need to add a SAN signed certificate to each device

TOS Aurora is the next generation platform of Tufin Orchestration Suite, with newly enhanced versions of features you rely on.

There are three options for installing or upgrading TOS Aurora:

  • New installation: Installing TOS Aurora on a new environment.

    For more information, see Clean Install procedures

  • Aurora to Aurora upgrade: Upgrading an older version of TOS Aurora to a newer version of TOS Aurora.

    For more information, see Upgrade From TOS Aurora

  • Classic to Aurora upgrade: Upgrading TOS Classic to TOS Aurora.

    To help you perform the Classic to Aurora upgrade, Tufin developed the Upgrade Planner. The Upgrade Planner collects TOS environment and setup information to determine whether your current environment is compatible with TOS Aurora.

    For more information, see:

    To upgrade from Classic to Aurora upgrade, contact Tufin Support.

To obtain the TOS Aurora installation files, see the Download Center in the Customer Portal.

Upgrade Paths and Compatibility

To view the supported upgrade paths for TOS Aurora, see the TOS Aurora Lifecycle and Build History page.

Always review the Compatibility Notes prior to installing an upgrade. Make sure to read the additional notes in the Release Notes for each version in your upgrade path.

TufinOS Compatibility

Tufin Orchestration Suite R21-2 Aurora requires TufinOS 3.50 and above. We recommend that you install the latest version of TufinOS available.

The latest version of TufinOS available can be downloaded from the Customer portal:

Deprecated Features

The following features will no longer be available in future releases of TOS Aurora:


Removed from New Installations

Removed from New Installations and TOS Upgrades

Policy Analysis Report R21-3 Aurora R22-2 Aurora
Risk Charts R21-3 Aurora R22-2 Aurora
Compliance Policies R21-3 Aurora R22-2 Aurora

Regulations Audit Browser

R21-3 Aurora

R22-2 Aurora

Rule Documentation Report R21-3 Aurora R22-2 Aurora
Security Risk Report R22-1 Aurora R22-2 Aurora

Expired Rules Report

R22-1 Aurora

R22-2 Aurora

Additional Information

  • Starting from R21-2 Classic, all devices need TLS 1.2. SecureTrack will not retrieve revisions from devices with TLS 1.0 or 1.1.

  • Starting R20-2, the Web Server certificate validity will be decreased to 395 days for clean installations.

  • Tufin Orchestration Suite validates user information for many fields in SecureTrack and SecureChange such as user names and email address. If a field contains invalid information, you will not be able to create or modify the field until the invalid information has been corrected. See Input Validation for details.

  • Starting with Tufin Orchestration Suite R19-2, SecureChange will verify that devices are suitably licensed for both SecureChange and Provisioning during ticket handling.

    Unlicensed devices may cause unplanned interruptions when performing SecureChange operations.

    We strongly recommend checking that all devices used in the system are fully licensed prior to upgrading, as unlicensed devices may cause unplanned interruptions when performing SecureChange operations.

    To review the status of all your licenses, see Viewing License Status .

    For a summary of how to work with SecureChange licenses, see Installing SecureChange Licenses and Licensing SecureChange.

    For more information about licensing, contact your Tufin partner or email us at salesops@tufin.com.

  • Tufin Orchestration Suite enforces maximum session duration settings for SecureTrack and SecureChange, including for the REST APIs.

  • To ensure that SecureChange and SecureApp have full functionality, the dedicated account used to define integration with SecureTrack (SecureChange/SecureApp > Settings > General > SecureTrack) should have Super Admin permissions configured in SecureTrack.

  • For Check Point R80 devices, when you upgrade from R18-3 and below to R19-1 and above, a new revision is automatically retrieved. After upgrading, Compare Revisions may show changes for all the existing network objects.

    Before you upgrade, make sure you have a recent (from ≤ 3 months) Check Point Jumbo Hotfix version installed on your device. See the relevant Check Point Support Center article for more information on how to verify which Jumbo Hotfix version is installed.

  • Microsoft Internet Explorer (IE): Release R20-1 is the last release that supports IE. From release R20-2, Tufin support for IE will reach its "end of life" (EOL). Tufin will support Microsoft Edge version 80.0.x (and above) and will continue to support Chrome version 80.0.x (and above) and Firefox version 73.0.1 (and above).

  • SAML Login Authentication and Google Chrome browsers: Google recently introduced a change to their SameSite cookie policy that enhances browser security. As a result of this change, users will be unable to log in to SecureTrack using SAML authentication on old browsers. SAML authentication is supported only for browser versions starting from:

    • Chrome: versions 79 and 80.

    • Firefox: version 72

    We strongly recommend upgrading the browsers to these versions. For more information on the SameSite cookie policy change, see the following posts: