Tufin Orchestration Suite Reviews

Name: Tufin Orchestration Suite
Brand: Tufin
Rating: 4.0 (183 reviews)

Vendor: Tufin

4.0 out of 5

183 reviews
91% willing to recommend

1,967 followers

Start review

What is Tufin Orchestration Suite?

Tufin enables organizations to automate their security policy visibility, risk management, provisioning and compliance across their multi-vendor, hybrid environment. Customers gain visibility and control across their network, ensure continuous compliance with security standards and embed security enforcement into workflows and development pipelines.

Get the Tufin Orchestration Suite Buyer's Guide and find out what your peers are saying about Tufin Orchestration Suite, AlgoSec, FireMon Security Manager and more!

Tufin Orchestration Suite is the #2 ranked solution in top Firewall Security Management solutions. PeerSpot users give Tufin Orchestration Suite an average rating of 8.0 out of 10. Tufin Orchestration Suite is most commonly compared to AlgoSec: Tufin Orchestration Suite vs AlgoSec. Tufin Orchestration Suite is popular among the large enterprise segment, accounting for 68% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 19% of all views.

Buyer's Guide

Tufin Orchestration Suite

February 2025

Get the report

Helped 839,422 peers since 2012

Featured Tufin Orchestration Suite reviews

Robert Letson

Director at Visa Inc.

We like what we have seen out of SecureTrack 2.0 with its improved search capabilities, where you can do greater than, less than, not equal, etc. Right now, if you're in there and you want to do a search, you have to write it in a specific way, since you can't use a not statement, less than, or greater than. Therefore, it will be a lot easier to maintain your USP because it has the new editor. It looks more like a spreadsheet online. I am just a little disappointed to hear because we are using SecureChange that we can't go to SecureTrack 2.0 yet. We have to wait for a couple of more versions. On Palo Alto, we were told that you want to go with the panorama. Then, all the gateways are under it, so everything you create has to be as a shared object. When we first brought this to Tufin, Tufin said, "No, it's more secure to only have local objects." However, it sounds like Palo Alto has now convinced Tufin that shared objects is more the way to go. Otherwise, you have a lot of stuff filtering down to all the firewalls. Tufin gave us a script to plug into our workflow to make things shared, but I am expecting this will become more a part of our base product. They have found some things, like our database is huge, which they finally realize. I guess they didn't really have in their plans to do much with shared objects on Palo Alto, but they are saying that this is what is really making our database swell. They are saying it's on their side and are putting in their fixes to fix it, which is good. The topology needs improvement. If I click on the network tab, I can go get a cup of coffee, come back, and my topology is still not painted. Maybe, it's just because we have so many devices, but looking at the topology, it is too slow. The problem is that when I click on the network tab, I do not want to see the topology. I want to click on the "Next" button, so I can put in the source and destination, so I can see the path. However, I still have to sit there and wait for the topology to load, and it's frustrating. I'll click on topology and try to click that "Next" button in time to where I can get around it. But, typically, you have to wait for that topology to paint. When it paints it, it's just a bunch of black smudges because there is just so much there. It can't paint it to where you see something. I can always zoom out, or something like that, but it's really worthless.

Read full review

Valentin Tache

Senior network engineer at a media company with 11-50 employees

My primary use case involves applying firewall policies faster from a central point. Additionally, I would like to use it to generate reports, but this hasn't occurred yet Tufin Orchestration Suite is a good tool that makes firewall policies faster to implement from a central point, and its…

Read full review

NetworkEng4365

Senior Network Engineer at a financial services firm with 10,001+ employees

For me, there are two things that can make Tufin a bit better. This could be something on my end that I don't understand or maybe it can already be done and I don't know, but the two things that I am hoping to get out of this couple of days here at Tufinnovate 2019 are: have a better focus on automation - automating a lot of the processes; and automating rule re-certification, or at least finding a way to simplify it. In my industry, the banking industry, we're heavily regulated. Auditors are everywhere and they want everything accounted for. When I do a rule re-certification, I have to justify why that rule still there, who is using the rule, what's going on. Or if it hasn't been used, I want to get rid of it. But I don't want the onus to be on the firewall team. I want that onus to be on the person who requested the rule. I'm trying to figure out a way that I can have Tufin say, "Hey, look, John or Joan, your rules haven't been used in a year," or "Do you still require these rules or these servers?" and it would give them buttons to click, either "yes" or "no". If they hit "no," Tufin would say, "Thanks very much," and disable them for 30 days, in case they made a mistake, and after 30 days, it would remove them. That type of automation would save us so much time. Right now, there are three people doing that job. As an example with rules, when I look at a rule it will tell me how many days it was hit, when the last hit was, when it was last modified, but I can't get a creation date. What date was it created? It must know when it was created because it created an OUI for the rule. I asked support and they said, "Well, go here, go there, do this, spin your head and tap three times, and if you're lucky..." And I'm thinking, "Can you not just tell me the date it was created?" Then I could filter on those as well. Right now, I can't filter on rules that are over five years old, for example. Even when they're in use, I still want to see old rules. Maybe they've got old services that shouldn't be working anymore. I would also like to see better logging. SecureChange could be a bit better, at least with integration with ServiceNow or some of the other ticketing tools.

Read full review

Tufin Orchestration Suite mindshare

As of March 2025, the mindshare of Tufin Orchestration Suite in the Firewall Security Management category stands at 22.0%, up from 20.6% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Firewall Security Management

PeerAnalyst reports based on Tufin Orchestration Suite reviews

Type	Title	Date
Category	Firewall Security Management	Mar 4, 2025	Download
Product	Reviews, tips, and advice from real users	Mar 4, 2025	Download
Comparison	Tufin Orchestration Suite vs AlgoSec	Mar 4, 2025	Download
Comparison	Tufin Orchestration Suite vs Palo Alto Networks Panorama	Mar 4, 2025	Download
Comparison	Tufin Orchestration Suite vs FireMon Security Manager	Mar 4, 2025	Download

Title	Rating	Mindshare	Recommending
AlgoSec	4.5	22.3%	96%	182 interviews Add to research
FireMon Security Manager	4.1	16.5%	87%	56 interviews Add to research

Valuable Features

Tufin Orchestration Suite excels in change automation, compliance tracking, and firewall rule optimization. Its SecureTrack and SecureChange modules enhance visibility and workflow management, allowing users to automate rule changes, track policy compliance, and clean up unused rules efficiently. With multi-vendor support, robust reporting, API integration for automation, and seamless workflow customization, it provides significant value in managing large-scale firewall environments, optimizing security policies, and maintaining compliance across diverse security devices.

"Tufin Orchestration Suite is a good tool that makes firewall policies faster to implement from a central point, and its support is good."
"It offers automation capabilities that are very helpful, especially for network security orchestration and applying policies."
"Tufin simplifies understanding network topology."

Room for Improvement

Tufin Orchestration Suite requires better integration with third-party products and more features for Fortinet and Palo Alto support. The interface needs user-friendliness and customization. Automation and reporting improvements are necessary, along with enhancements in topology handling and cloud, API, and multi-vendor support. Performance issues demand a resolution, and licensing should offer more flexibility. Training and support need enhancement, and features like NAT management and change workflow should be simplified for easier use.

"The design needs improvement, particularly in recognizing target devices and target files. Additionally, there's a need for an improved network map."
"There's a need for an improved network map."
"While Tufin is suitable for small businesses, issues can arise in larger enterprises, particularly concerning policy-based forwarding and NAT traffic."

ROI

Many users saw significant reductions in time spent on firewall changes, enabling automation and fast implementation. Teams could respond quicker and were more efficient due to less manual processing. While some have not yet calculated ROI, users frequently experienced improved productivity and cost benefits. Tufin Orchestration Suite facilitated faster, more effective changes and provided better visibility, leading to substantial time savings, with multiple users noting an increase in overall efficiency and agility.

Pricing

Tufin Orchestration Suite pricing is perceived as high, with some users finding it competitive or reasonable. Costs vary, with instances of pricing at $40,000 to $300,000 annually. Licensing models include both perpetual and subscription options, adaptable to different environments. Some users appreciate the transparent improved models, while others find them confusing. Discounts and flexible arrangements are possible for larger enterprises, but high costs might be a consideration for smaller companies.

"For us, the pricing was six out of ten, with ten being the most expensive and one being the cheapest."
"Tuffin is expensive, and we have to explain to our customers the benefit for them to purchase. If we explain the benefits in the correct way they do not mind the price. We typically do costing for the customer for three to five years. We make the general total cost of ownership at the beginning of a project for our customers."
"I had a bad experience with the financial department, and the price is too high. The software does work and does the job. The solution is worth the money. If I had a different partner to implement the solution, it would have been worth the price."

Popular Use Cases

Organizations primarily use Tufin Orchestration Suite for managing firewall rules, policy orchestration, and compliance. Customers deploy it for automation, audit monitoring, risk compliance, and firewall management across multiple environments. They utilize SecureTrack and SecureChange for tracking policy changes, reporting, and rule optimization. It also serves for security auditing, managing firewall access from a central console, automating change processes, and ensuring compliance with regulations. Users frequently integrate it with other tools like ServiceNow for enhanced functionality.

Service and Support

Customers consistently highlight excellent customer service and technical support for Tufin Orchestration Suite. The support team is knowledgeable, responsive, and effective, often providing timely resolutions. Several users appreciate the personalized attention and ability to escalate issues when needed. Although some experience slower response times or find it challenging to reach higher-level support, most find the service beneficial, especially for complex issues. Coverage extends globally, with support centers in various countries.

Deployment

Tufin Orchestration Suite's initial setup is generally described as straightforward and easy, with most users finding it uncomplicated. Some mention physical and network complexities, especially in larger environments or when integrating with specific systems like Check Point or ServiceNow. While a few experienced challenges requiring assistance from Tufin's team, many successfully managed setup independently. It is noted that customization and specific configurations can introduce complexities, but experienced users find it manageable.

Scalability

Tufin Orchestration Suite scales well for various environments, handling hundreds of firewalls and complex network architectures. Users experience easy expansion, especially with distributed architecture and licensing flexibility. Some mention past scalability issues, improved with updates and architecture changes. Large installations report occasional performance slowdowns but benefit from adding resources. While primarily suitable for enterprises, small setups find it meets their needs. However, newer technology integrations could enhance scalability further. Overall, scalability gets positive feedback.

Stability

Users report Tufin Orchestration Suite as generally stable, without significant issues. Performance is smooth, and updates enhance reliability. Some users experienced minor bugs or capacity constraints, but these were addressed by updates. Reports of occasional instability relate to hardware configurations or system upgrades. Most find performance satisfactory with no major outages, though some seek improvements in handling high loads. It is considered reliable, with a suggestion for regular updates to maintain stability.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Tufin Orchestration Suite Buyer's Guide for additional reliable information.