On this page
What's New in TOS 5
The list below will sometimes include upcoming versions that are not yet released. Check available versions.
New naming convention
Starting with 5.0.00, we are introducing a new naming convention for TOS. Platform version replaces major version and feature version replaces minor versions of type PGA and PHF. As new features and bug fixes are made available, they are released as new feature versions within that platform version.
-
Platform version: Includes many versions - an initial release version, a number of feature versions, plus unplanned versions if and when needed. Platform version examples: TOS 5, TOS6.
-
Initial release version: The first version, not for production deployment. Meant to test and verify that the new TOS infrastructure deploys and runs smoothly in a lab environment. It contains infrastructure updates and bug fixes, but little or no new features. Examples: 5.0.00, 6.0.00.
-
Feature versions: These versions are production-ready. They contain feature enhancements and bug fixes with little or no infrastructure changes. They will typically be spaced out around six weeks apart. Updating to a feature version within the same platform version generally takes less time than updating to a new platform version. Examples: 5.1.0, 5.2.0, 6.1.00.
The previous naming convention (e.g. R25-2 PHF3.0.0) will continue be used for R25-2 and earlier versions. For more information, see the Tufin Customer Portal
5.2.00
To filter the results, enter text in one or more of the filter fields. Clear the fields to see all items.
|
Feature |
Description |
|---|---|
| Zone API |
A new API to create, update and retrieve SecureTrack zones. Benefits:
|
| USP Viewer Scroll Bar |
Vertical and horizontal scroll bars appear when needed in the USP Viewer. Benefits:
|
| View Reports Permissions |
SecureChange admins can define for each user whether they can generate reports on all tickets or only their own. Benefits:
|
| Check Point License Consumption API |
With this API, you can enable or disable specific Check Point module gateways that have been decommissioned or are standby / test devices, from license counting. You only pay for the devices that deliver value; disabled devices do not consume a license but remain visible in TOS. Benefits:
|
|
PAN IPv6 Support In Topology Map |
TOS now supports IPv6 interfaces and routing (static and dynamic) for Palo Alto Networks devices managed by Panorama, across both advanced routing and legacy routing modes. IPv6 traffic is included in topology mapping, path analysis, and rule matching. In addition, SecureChange access requests now support IPv6 for automatic target selection on PAN devices. Benefits:
|
| Push Tufin-Only Changes to Panorama |
As part of 'Commit Now' and 'Change Window' in SecureChange, TOS performs two actions in Panorama: 'Commit to Panorama' (can be scoped to Tufin user changes) and 'Push to Devices' (previously always pushed all user changes). The new enhancement lets you configure the 'Push to Devices' scope — either all Panorama users or Tufin user changes only. Benefits:
|
| Push changes to DGs only |
You can now configure TOS to push only device group policy changes to Panorama-managed firewalls, without pushing Panorama templates. Benefits:
|
| Guardicore and Illumio Microsegmentation Topology |
TOS topology now includes microsegmentation devices in path analysis. When source/destination is a managed asset, TOS detects and shows the microsegmentation device on the path with its matching rules (including tag-based, tag group, and alert rules). Supports same-subnet and behind-cloud scenarios. You can select Guardicore/Illumio assets as path query endpoints. Benefits:
|
| Zscaler Designer Objects |
Designer now suggests updating and creating groups as needed on Zscaler ZIA instead of raw embedded IP addresses or services, Benefits:
|
| Guardicore and Illumio Microsegmentation in Rule Viewer |
You can now get deep, tag-aware visibility into Guardicore policies in the Rule Viewer- including resolving tags to assets, filtering rules by asset tags, IPs or names, and tracking rule history changes triggered by asset tag updates. Benefits:
|
|
Palo Alto Strata Cloud Manager |
You can now detect USP violations, view topology run path analysis for Strata Cloud Manager NGFW policies. Benefits:
|
|
Static NSX-T Groups |
The group modification workflow now lets you add/remove objects from static NSX-T security groups or create new groups, and provision the changes seamlessly. Benefits:
|
5.1.01
Bug fix only. See 5.1.00 for feature enhancements.
5.1.00
This is the first GA release of TOS 5
To filter the results, enter text in one or more of the filter fields. Clear the fields to see all items.
|
Feature |
Description |
|---|---|
|
Arista VeloCloud |
VeloCloud SD-WAN devices can now be monitored by TOS, bringing them into the unified control plane used to manage and monitor firewalls, routers, cloud resources, and hybrid environments. Security and traffic policies from VeloCloud are visible, validated, and governed like all other network devices. Benefits:
See SecureTrack features and SecureChange features for Arista VeloCloud. |
|
TufinAI Executive Dashboard |
TOS administrators can now to craft their own dashboards and define charts to present unique and customized aggregations over security rules and SecureChange tickets. Based on specifications given in natural language, AI-generated code fetches filtered data from TOS and renders it into charts and reports. Benefits:
|
| Cisco FMC - FQDN |
FQDN objects are now supported for Cisco FMC including visibility, topology, compliance, and access request automation. Visibility into FQDN content is supported in the Rule Viewer and Compare Revisions. You can run path analysis queries by using FMC FQDN objects and identify allowing/blocking rules. You can automate access requests that include FQDN objects where rules have to be changed / added, including target selection, design, verification and provisioning. Benefits
See SecureTrack and SecureChange features for Cisco FMC. |
| Azure Usage Analysis |
TOS now supports VNet flow logs, and Azure resource specific log analytics collection to provide cleanup and optimization insights for Azure NSGs and firewalls. Benefits:
|
|
RHEL 9 / Rocky Linux 9 |
TOS can now be installed on Red Hat Enterprise Linux 9 and Rocky Linux 9 operating systems Benefits:
See TOS release history. |
|
Monitor AWS using SDK2 |
Amazon's AWS SDK v1 has reached end of support, and will not receive further security or new region updates. Therefore, for all new installations, TOS will monitor AWS using SDK v2. For upgrades, from older installations, TOS will continue using SDK v1. By the end of the year, SDK v2 will become the default both for clean installs and upgrades from previous versions. All TOS enhancements for AWS added in TOS 5 and later will require AWS SDK v2. Therefore, we recommend moving to AWS SDK v2. Benefits:
|
|
AWS RDS Visibility & Policy Support |
AWS RDS instances are now visible in TOS. Security Group policies applied to RDS endpoints can be viewed, searched by IP, and included in topology and path analysis. TOS retrieves AWS RDS instances and associates their security groups, modeling them as network entities. RDS instances are counted as licensed VM entities. This feature requires AWS SDK v2. Benefits:
|
|
AWS Opt-in Regions By Assume Role |
TOS now supports monitoring AWS opt-in regions using assume role authorization. TOS can monitor the accounts and resources deployed in the opt-in regions by AWS using assume role authorization. Requires enablement of AWS SDK2. Otherwise, a local user must be used for authentication and authorization. This feature requires SDK v2. Benefits:
|
|
Cisco IOS-XE SDWAN (cEdge) - GRE Tunnel support |
Cisco IOS-XE SDWAN (cEdge) - GRE Tunnel support
|
5.0.00
This is the initial release, not for production.
To filter the results, enter text in one or more of the filter fields. Clear the fields to see all items.
|
Feature |
Description |
|---|---|
|
Initial Release |
5.0.00 is the first version of the TOS 5 platform version. It is not for production deployment but rather meant to test and verify that the new TOS infrastructure deploys and runs smoothly in a lab environment. Generally first versions of platform versions contains infrastructure updates and bug fixes, but little or no new features. Subsequent versions starting with 5.1.00 will contain new features. |
|
New Naming Convention |
Starting with 5.0.00, we are introducing a new naming convention for TOS. Platform version replaces major version and feature version replaces minor versions of type PGA and PHF. As new features and bug fixes are made available, they are released as new feature versions within that platform version. The previous naming convention (e.g. R25-2 PHF3.0.0) will continue be used for R25-2 and earlier versions only.
For more information, see the Tufin Customer Portal |
Was this helpful?
Thank you!
We’d love your feedback
We really appreciate your feedback
Send this page to a colleague