On This Page
R21-2 Aurora PHF2.0.0 Release Notes
Resolved Issues from Previous Releases
Tufin Orchestration Suite (TOS) R21-2 Aurora PHF2.0.0 includes all resolved issues listed for this release, as well as all resolved issues from the previous releases listed below.
|
All Resolved Issues |
|
|
|---|---|---|
|
This release |
|
|
|
R21-1 PHF1.1.0 Aurora |
|
|
Installing/Upgrading TOS Aurora
TOS Aurora is the next generation platform of Tufin Orchestration Suite, with newly enhanced versions of features you rely on.
There are three options for installing or upgrading TOS Aurora:
-
New installation: Installing TOS Aurora on a new environment.
For more information, see Clean Install procedures
-
Aurora to Aurora upgrade: Upgrading an older version of TOS Aurora to a newer version of TOS Aurora.
For more information, see Upgrade From TOS Aurora
-
Classic to Aurora upgrade: Upgrading TOS Classic to TOS Aurora.
To help you perform the Classic to Aurora upgrade, Tufin developed the Upgrade Planner. The Upgrade Planner collects TOS environment and setup information to determine whether your current environment is compatible with TOS Aurora.
For more information, see:
To upgrade from Classic to Aurora upgrade, contact Tufin Support.
To obtain the TOS Aurora installation files, see the Download Center in the Customer Portal.
Upgrade Paths and Compatibility
To view the supported upgrade paths for TOS Aurora, see the TOS Release History page.
Make sure to read the additional notes in the Release Notes for each version in your upgrade path.
TufinOS Compatibility
Tufin Orchestration Suite R21-2 Aurora requires TufinOS 3.50 and above. We recommend that you install the latest version of TufinOS available.
The latest version of TufinOS available can be downloaded from the Customer portal:
- In the Download Center in the Customer Portal
- In the New Version Support page, as part of the installation/upgrade files.
Deprecated Features
The following features will no longer be available in future releases of TOS Aurora:
|
Feature |
Removed from New Installations |
Removed When Upgrading |
Announcement Date |
|---|---|---|---|
|
Adding new TOP plugins (existing plugins in TOS will continue to work). |
R25-1 |
R25-2 |
March 2024 |
|
Extended Dynamic List (EDL) management via SecureApp |
R24-1 |
R24-2 |
November 2023 |
|
TLS 1.0/1.1 (email and LDAP communications). Transport Layer Security (TLS) 1.0 and 1.1 were deprecated by the IETF in June 2018, due to security issues. For most services TLS 1.2 is now mandatory. |
R23-2 |
R23-2 |
December 2022 |
|
Policy Analysis Report (replaced by Policy Analysis Report in STRE) |
R21-3 | R22-2 | June 2021 |
| Risk Charts (replaced by Dashboard) | R21-3 | R22-2 |
June 2021 |
| Compliance Policies (replaced by Unified Security Policy) | R21-3 | R22-2 | June 2021 |
|
Regulations Audit Browser (replaced by Unified Security Policy and SecureTrack Reporting Essentials) |
R21-3 |
R22-2 |
June 2021 |
| Rule Documentation Report (replaced by Rule Viewer) | R21-3 | R22-1 | June 2021 |
| Security Risk Report (replaced by Unified Security Policy and SecureTrack Reporting Essentials) | R22-1 | R22-2 |
June 2021 |
|
Expired Rules Report (replaced by Rule Viewer, SecureTrack Reporting Essentials Rule Analytics report, and the Rule Lifecycle Management App). |
R22-1 |
R22-2 |
June 2021 |
| Integration with Puppet Labs | R19-3 | R19-3 | August 2021 |
| Viewing Cisco ACI Applications in SecureApp | R19-3 | R19-3 | August 2021 |
| Firewall OS Monitoring (available only where used continuously since upgrade from TOS Classic) | R22-1 | R22-1 | March 2022 |
For a list of features that will be deprecated in future releases, see End of Support and Deprecated Features
Additional Information
-
Starting from R21-2 Classic, all devices need TLS 1.2. SecureTrack will not retrieve revisions from devices with TLS 1.0 or 1.1.
-
Starting R20-2, the Web Server certificate validity will be decreased to 395 days for clean installations.
-
Tufin Orchestration Suite validates user information for many fields in SecureTrack and SecureChange such as user names and email address. If a field contains invalid information, you will not be able to create or modify the field until the invalid information has been corrected. See Input Validation for details.
-
Starting with Tufin Orchestration Suite R19-2, SecureChange will verify that devices are suitably licensed for both SecureChange and Provisioning during ticket handling.
Unlicensed devices may cause unplanned interruptions when performing SecureChange operations.
We strongly recommend checking that all devices used in the system are fully licensed prior to upgrading, as unlicensed devices may cause unplanned interruptions when performing SecureChange operations.
To review the status of all your licenses, see Viewing License Status .
For a summary of how to work with SecureChange licenses, see Installing SecureChange Licenses and Licensing SecureChange.
For more information about licensing, contact your Tufin partner or email us at [email protected].
-
Tufin Orchestration Suite enforces maximum session duration settings for SecureTrack and SecureChange, including for the REST APIs.
-
To ensure that SecureChange and SecureApp have full functionality, the dedicated account used to define integration with SecureTrack (SecureChange/SecureApp > Settings > General > SecureTrack) should have Super Admin permissions configured in SecureTrack.
-
For Check Point R80 devices, when you upgrade from R18-3 and below to R19-1 and above, a new revision is automatically retrieved. After upgrading, Compare Revisions may show changes for all the existing network objects.
Before you upgrade, make sure you have a recent (from ≤ 3 months) Check Point Jumbo Hotfix version installed on your device. See the relevant Check Point Support Center article for more information on how to verify which Jumbo Hotfix version is installed.
-
Microsoft Internet Explorer (IE): Release R20-1 is the last release that supports IE. From release R20-2, Tufin support for IE will reach its "end of life" (EOL). Tufin will support Microsoft Edge version 80.0.x (and above) and will continue to support Chrome version 80.0.x (and above) and Firefox version 73.0.1 (and above).
-
SAML Login Authentication and Google Chrome browsers: Google recently introduced a change to their SameSite cookie policy that enhances browser security. As a result of this change, users will be unable to log in to SecureTrack using SAML authentication on old browsers. SAML authentication is supported only for browser versions starting from:
-
Chrome: versions 79 and 80.
-
Firefox: version 72
We strongly recommend upgrading the browsers to these versions. For more information on the SameSite cookie policy change, see the following posts:
-
