What's New in TOS 5

The list below will sometimes include upcoming versions that are not yet released. Check available versions.

New naming convention

Starting with 5.0.00, we are introducing a new naming convention for TOS. Platform version replaces major version and feature version replaces minor versions of type PGA and PHF. As new features and bug fixes are made available, they are released as new feature versions within that platform version.

  • Platform version: Includes many versions - an initial release version, a number of feature versions, plus unplanned versions if and when needed. Platform version examples: TOS 5, TOS 6.

  • Initial release version: The first version, not for production deployment. Meant to test and verify that the new TOS infrastructure deploys and runs smoothly in a lab environment. It contains infrastructure updates and bug fixes, but little or no new features. Examples: 5.0.00, 6.0.00.

  • Feature versions: These versions are production-ready. They contain feature enhancements and bug fixes with little or no infrastructure changes. They will typically be spaced about six weeks apart. Updating to a feature version within the same platform version generally takes less time than updating to a new platform version. Examples: 5.1.0, 5.2.0, 6.1.00.

The previous naming convention (e.g. R25-2 PHF3.0.0) will continue to be used for R25-2 and earlier versions. For more information, see the Tufin Customer Portal.

5.1.00

This is the first GA release of TOS 5.

Feature

Description

Arista VeloCloud

VeloCloud SD-WAN devices can now be monitored by TOS, bringing them into the unified control plane used to manage and monitor firewalls, routers, cloud resources, and hybrid environments. Security and traffic policies from VeloCloud are visible, validated, and governed like all other network devices.

Benefits:

  • Consistent security policies across the entire hybrid architecture.

  • Faster, safer change implementation.

  • Stronger compliance posture and audit readiness.

  • Reduced operational complexity and misconfiguration risk.

  • Improved incident response through unified path visibility.

See SecureTrack features and SecureChange features for Arista VeloCloud.

TufinAI Executive Dashboard

TOS administrators can now craft their own dashboards and define charts to present unique and customized aggregations over security rules and SecureChange tickets. Based on specifications given in natural language, AI-generated code fetches filtered data from TOS and renders it into charts and reports.

Benefits:

  • Generate your own dashboards and reports

  • Examples: Daily monitoring, proof of ROI, compliance audit preparation, policy cleanup planning, ticket SLA, policy vulnerabilities.

See Personalize TufinAI Executive Dashboard.

Cisco FMC - FQDN

FQDN objects are now supported for Cisco FMC, including visibility, topology, compliance, and access request automation. Visibility into FQDN content is supported in the Rule Viewer and Compare Revisions. You can run path analysis queries using FMC FQDN objects and identify allowing and blocking rules. You can automate access requests that include FQDN objects where rules have to be changed or added, including target selection, design, verification, and provisioning.

Benefits:

  • Reduced SLA through fully automated access request handling.

  • Improved accuracy

See SecureTrack and SecureChange features for Cisco FMC.

Azure Usage Analysis

TOS now supports VNet flow logs and Azure resource-specific log analytics collection to provide cleanup and optimization insights for Azure NSGs and firewalls.

Benefits:

  • Reduced attack surface

  • Improved security posture

  • Reduced time spent on manual cleanup/optimization

See Azure configuration for flow logs.

RHEL 9 / Rocky Linux 9

TOS can now be installed on Red Hat Enterprise Linux 9 and Rocky Linux 9 operating systems.

Benefits:

  • Addresses market demand to install TOS on more recent operating system versions

  • Improves security and compliance posture

  • Streamlines deployment

See TOS release history.

Monitor AWS using SDK2

Amazon's AWS SDK v1 has reached end of support and will not receive further security or new region updates. Therefore, for all new installations, TOS will monitor AWS using SDK v2. For upgrades from older installations, TOS will continue using SDK v1.

By the end of the year, SDK v2 will become the default both for clean installs and upgrades from previous versions.

All TOS enhancements for AWS added in TOS 5 and later will require AWS SDK v2.

Therefore, we recommend moving to AWS SDK v2.

Benefits:

  • Ensures latest AWS security and other updates

  • Access to the latest TOS features for AWS (RDS, prefix lists and opt-in regions)

See Use AWS SDK v2 for AWS monitoring.

AWS RDS Visibility & Policy Support

AWS RDS instances are now visible in TOS. Security Group policies applied to RDS endpoints can be viewed, searched by IP, and included in topology and path analysis.

TOS retrieves AWS RDS instances and associates their security groups, modeling them as network entities. RDS instances are counted as licensed VM entities.

This feature requires AWS SDK v2.

Benefits:

  • Full visibility of policies protecting AWS databases.

  • Accurate path analysis to RDS endpoints.

  • Improved compliance posture for AWS environments.

See SecureTrack Features by Vendor > Amazon.

AWS Opt-in Regions By Assume Role

TOS now supports monitoring AWS opt-in regions using assume role authorization, so it can monitor the accounts and resources deployed in those regions. AWS SDK v2 must be enabled; otherwise, a local user must be used for authentication and authorization.

This feature requires SDK v2.

Benefits:

  • Full visibility of policies protecting AWS databases.

  • Accurate path analysis for resources deployed in opt-in regions

See SecureTrack Features by Vendor > Amazon.

Cisco IOS-XE SDWAN (cEdge) - GRE Tunnel support

Cisco IOS-XE SDWAN (cEdge) - GRE Tunnel support

  • Accurate topology map including GRE tunnels enables E2E automated change process

  • Facilitates shorter SLAs

  • Fewer manual errors

See SecureTrack Features by Vendor > Cisco.

5.0.00

This is the initial release, not for production.

Feature

Description

Initial Release

5.0.00 is the first version of the TOS 5 platform version. It is not for production deployment but rather meant to test and verify that the new TOS infrastructure deploys and runs smoothly in a lab environment. Generally, the first version of a platform version contains infrastructure updates and bug fixes, but few or no new features. Subsequent versions starting with 5.1.00 will contain new features.

New Naming Convention

Starting with 5.0.00, we are introducing a new naming convention for TOS. Platform version replaces major version and feature version replaces minor versions of type PGA and PHF. As new features and bug fixes are made available, they are released as new feature versions within that platform version.

The previous naming convention (e.g. R25-2 PHF3.0.0) will continue to be used for R25-2 and earlier versions only.

  • Platform version: Includes many versions - an initial release version, a number of feature versions, and unplanned versions if needed. Platform version examples: TOS 5, TOS 6.

  • Initial release version: The first version, not for production deployment. Meant to test and verify that the new TOS infrastructure deploys and runs smoothly in a lab environment. It contains infrastructure updates and bug fixes, but little or no new features. Examples: 5.0.00, 6.0.00.

  • Feature versions: These versions are production-ready. They contain feature enhancements and bug fixes with little or no infrastructure changes. They will typically be spaced about six weeks apart. Updating to a feature version within the same platform version generally takes less time than updating to a new platform version. Examples: 5.1.0, 5.2.0, 6.1.00.

For more information, see the Tufin Customer Portal.