Executive Director at a financial services firm with 1,001-5,000 employees
Works well with simple topologies; ingestion of flow data could be enhanced
Pros and Cons
- "All the basic functions work well."
- "Lacks ability to create a Terraform that would enable deployment without manual steps."
What is our primary use case?
Our primary use case is trying to make sure that when firewall rules are requested, they meet our compliance. Tufin has a notion of a universal security policy, where you line up the policies and we use the solution for that. We also use it to track all of the changes. I'm the executive director of the company.
What is most valuable?
Tufin gives us the rule, definitions and things of that sort, which is great. All the basic functions work well.
What needs improvement?
Our compliance goes through SecureChange and they give us the rule set and then the recommendation. Ideally we'd like to press a button and create a Terraform to put into the build and deploy. We can't do that yet and there are several manual steps which can lead to errors. We'd like that to change.
I would also like to see the ingest of flow data enhanced, so that multiple flow data can be ingested from different points on the network and be mapped out. The basics work, the issue is when you have a complex network because maybe you want flow data from the firewall and with Tufin it's only from a single source.
For how long have I used the solution?
I've been using this solution for over two years.
Buyer's Guide
Tufin Orchestration Suite
March 2025

Learn what your peers think about Tufin Orchestration Suite. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
849,190 professionals have used our research since 2012.
What other advice do I have?
Tufin is a good company. I think most of the products in this market have difficulty working across a multi-vendor solution, and that also applies with Tufin. It works really well when you have a single vendor solution but it's just not as intuitive if you have back-to-back firewalls or you have a complex topology. For simple topologies, it works really well.
There are currently some issues with this solution but if things improve with the new version, which apparently has some enhancements, I would give them a higher rating. For now, I rate this product a seven out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Works at an insurance company with 10,001+ employees
APG saves us enormous time providing a new policy from millions of rows of logs
Pros and Cons
- "The Automatic Policy Generator saves time because we are able to identify the required policy when a client doesn't know what he needs."
- "I would like to see better report integration in this solution."
What is our primary use case?
We use SecureTrack for troubleshooting, APG (Automatic Policy Generator), implementation of new requests, change monitoring, rule and object usage reports.
This solution provides a unified display of rules across vendors.
We use this solution e.g. for cleanup and processing of shadowed rules.
How has it helped my organization?
Using this solution saves us time and money. The Automatic Policy Generator saves time because we are able to identify the required policy when a client doesn't know what he needs.
We are able to perform an inventory analysis for colleagues.
What is most valuable?
The most valuable feature of this solution is APG, the Automatic Policy Generator. Further there are very good capabilities for policy browsing and reporting implemented.
What needs improvement?
I would like to see better report integration in this solution.
For how long have I used the solution?
I have been using this solution for ten years.
What do I think about the stability of the solution?
I would rate the stability of this solution a nine out of ten.
What do I think about the scalability of the solution?
The scalability of this solution is ok.
How are customer service and technical support?
The technical support team for this solution is very polite.
There was some functionality in the integration with Check Point that was initially not working in the best manner, and it was only fixed after Check Point got involved.
Which solution did I use previously and why did I switch?
We did not use another solution prior to this one.
How was the initial setup?
The initial setup of this solution was not complex. It was simple.
What about the implementation team?
Our in-house team handled the implementation and deployment of this solution.
What's my experience with pricing, setup cost, and licensing?
Tufin is expensive but it is very good.
Which other solutions did I evaluate?
We did evaluate other options. However, Tufin was the best one that we tried.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Global Network Security Specialist at a pharma/biotech company with 10,001+ employees
Object look-up is valuable. When someone needs to know about a particular endpoint, we only need to type in the IP address.
What is most valuable?
Following installation, we mentioned to the SE what ports were on the rule already, and he responded that those were the right ports. So immediately, Tufin already saved us work. And there was already traffic to the destination of a requested rule that needed to just be added to another group. Previously, we would have had to make a new rule and type in the source destination ports. With Tufin, however, the group already existed and we just needed to add it to another group.
Object look-up is also valuable. When someone needs to know about a particular endpoint and what's allowed to it, we only need to type in the IP address and are then able to see every rule associated with that address line by line.
How has it helped my organization?
From the very beginning, Tufin has kept our rule set compact so that we don't have to keep stacking up rule after rule. We still have to analyze and find rules that are too open, but it helps us make the right rules in the right places.
It's also a huge deal to us to be able to see the configurations as they change over time, and to know which firewall is responsible for which segments. It allows us to look at all our firewalls at the same time and not have to SSH one after another. We've got it all right there with Tufin -- one pane of glass that shows us everything.
With new engineers to the company, I pull them aside and show them Tufin. Within one hour, they have all the information they need to start creating firewall rules. It's incredibly easy to use. I can't imagine life if it should go offline. It's made a huge difference for us.
What needs improvement?
I'd like to see code provisioning.
For how long have I used the solution?
It's been up for two years.
What was my experience with deployment of the solution?
We had no issues with deployment.
What do I think about the stability of the solution?
I believe we had one reboot due to a code upgrade. This was only a single incident.
What do I think about the scalability of the solution?
Our current machine handles all firewalls for one of our business units. We're at a point where we've ordered a larger one to handle 200 firewalls. We'll take the smaller one to have an additional collector. The scalability is very good.
How is customer service and technical support?
Customer Service:
Excellent.
Technical Support:
These guys have been amazing. They will work tirelessly. I've only had a few calls, but every time I've had a call, the answer came through in a timely fashion and we got things sorted out. Usually it was user error, they told us, and they didn't lecture us about it.
How was the initial setup?
We simply turned it on, gave it an IP address, and logged into that IP address. Getting it set up with other firewalls was straightforward, as was setup for interoperation with Active Directory. We now have group-managed logins.
Which other solutions did I evaluate?
We looked at FireMon because it's able to analyze rules. But for daily, operational stuff, such as finding rules that already exist and which firewalls are involved, Tufin is much easier and more efficient to use. It was a no-brainer.
What other advice do I have?
It already does traffic analysis and secure change. We've got the secure app so we can keep track of the business critical things. They shouldn't change that. I love the left-hand pane, and being able to navigate that and being able to see things in the split pane on the right-hand side. There are other vendors out there who will decide I need to just have everything at the top and scroll down.
The best thing to do would be get all your firewalls in there and let it bake overnight. It does take some time to collect the data in the config files. Once that's done, teach your help desk staff and the firewall operators how to use this to look up existing conditions and to determine right away whether a rule needs to be made, or whether a group needs to be added, or whether the rule already exists.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security Engineer at a hospitality company with 1,001-5,000 employees
I like the compliance portion of the SecureApp feature, where you build your security database.
Valuable Features
We can identify rules that are not used. We can identify rules that are open.
When importing the devices, they made it nice where you can script it and import all the devices into Tufin. That was a nice little feature.
I like the SecureApp feature. That looks like it's pretty handy. The compliance portion of it, where you build your security database. It runs against that security database and figures out whether the correct ports are opened up or if there are vulnerabilities.
Room for Improvement
I know that in importing some devices, I think routers and switches showed up the same. Router would be layer 3 but they would only show up in Tufin as a layer 2 device. On the Cisco portion of it, there wasn't separation between that.
At this point, there aren’t any other configurations I’d like to see.
Use of Solution
I’m using SecureTrack basically to evaluate rule bases.
I have not really found any other side benefits. I don't really use it that much and it's relatively new. I don’t use any of the recording features.
Stability Issues
I wouldn't say we had stability issues.
Scalability Issues
We have, I think, over a thousand devices right now, and we haven’t had any scalability issues.
Customer Service and Technical Support
I’ve never used technical support.
Initial Setup
I was part of the initial setup. I imported devices but that's about it. It was pretty easy. You can put it in an Excel spreadsheet and import it that way or as a CSV file.
Other Advice
It's a pretty useful tool if you have a large environment with a lot of devices and you're trying to make it easier for the technicians to basically pawn the work off and make the application team more accountable.
With the limited knowledge I have of it and the limited use, I would probably give them an 8. I never give anyone 10's or 9's.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security Network Engineer at a financial services firm with 10,001+ employees
It's able to give us reports that tell us which rules in our policies are not needed.
What is most valuable?
There are a few things. One is that from the portal people are able to request access. It is going to be able to stage the policy, add the rules or objects or whatever is needed for us so that all we need to do is push the policy at the time. It almost doesn't need a human being to be involved in the rule staging of provision process.
How has it helped my organization?
We've been using Check Point for 10+ years and some of the rules were converted from other systems, mainly from Cisco devices. The conversion process or the migration process is not the cleanest. We end up with rules that we call over-saddling. Rules which are really not needed.
We're talking about a ton of rules. We have policies that have 3,000 rules. It's able to give us reports that tell us these 10 rules or 100 rules in our policies are not needed. Either we need to fix the rule which was a bad rule or we do not need another rule.
What needs improvement?
One thing it's not currently able to do is remove rules. For instance, one of the biggest things is that we have a server that we call decommissioned. That means they no longer need it. Either the application is end of life or they bought a new server and they took on new IPs. But we still have rules that allow the IP, so there's a hole there. Right now you cannot say, "Hey, Tufin, this IP is obsolete. Please remove all the rules that allow this IP."
Another good thing is that Tufin has a good portal.
Which solution did I use previously and why did I switch?
We were using Skybox. Tufin has that front end to the user which Skybox doesn't.
What other advice do I have?
I would recommend it.
With a tool like this, spend a few dollars to bring in their professional services to help out. Tufin is not going to be for a really small company. One of the important things is that you need to get your network team on-board.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Provides great visibility, allows us to automate the entire change process, and saves A LOT of time
Pros and Cons
- "Visibility is its largest and most valuable feature. You can see everything or all the devices on the network for each customer. It provides you a larger view of what might be wrong with the network and how you can improve it with firewall rules, etc. If you are talking about secure change, being able to automate the entire change process is pretty much the winner for us. It is going to really reduce the time that it takes for us to do changes, and we can just go out and get more customers."
- "They've got such a large number of APIs, and it is so easy to use their APIs. Effectively, they allow us to use it with anything. The only way to improve it more is by offering support for implementing their APIs into certain hardware or software that we might use. They can provide support for implementing APIs."
What is our primary use case?
Some of our customers have Tufin, and we manage it. We're also planning to have our own Tufin that we're going to use as a leveraged service for all of our customers.
What is most valuable?
Visibility is its largest and most valuable feature. You can see everything or all the devices on the network for each customer. It provides you a larger view of what might be wrong with the network and how you can improve it with firewall rules, etc.
If you are talking about secure change, being able to automate the entire change process is pretty much the winner for us. It is going to really reduce the time that it takes for us to do changes, and we can just go out and get more customers.
What needs improvement?
They've got such a large number of APIs, and it is so easy to use their APIs. Effectively, they allow us to use it with anything. The only way to improve it more is by offering support for implementing their APIs into certain hardware or software that we might use. They can provide support for implementing APIs.
For how long have I used the solution?
We have been using this solution for three months.
How are customer service and technical support?
I have not contacted their technical support.
Which solution did I use previously and why did I switch?
We didn't work with any similar product, but we are just going with secure track and secure change, not secure cloud and secure app. That's all that we really need at this time, and obviously, we will work with Tufin in the future if we need more.
How was the initial setup?
A few of our clients have decided to implement Tufin themselves, whilst we just manage their firewalls. We were not involved in the setup of the management suite. However, after seeing the benefits of this, we have heavily considered the use of Tufin on a number of our other clients we manage.
We have identified that setup is a part of this and in our conversations with Tufin sought to address this. They offer a service for the full setup of the platform for use as an MSSP, and then providing a hand off service towards the end of this setup process which teaches engineers how to setup the remaining required devices.
For the full functionality, Tufin utilises all L3 devices on the network, so setup can be quite daunting. However, we identified that it would take ~30 minutes per L3 device, some of which can be done simultaneously. This is the biggest drawback to Tufin integration. However, Tufin can be used to some degree without this, meaning you can reap the benefits of it sooner rather than later.
What was our ROI?
What we found is that the return on investment will be pretty quick. This is because of the time saving that Tufin offers in FW changes; we can implement more changes at a faster rate. This has huge savings for employees' workload and the cost of their work. We have freed up a large majority of our FW engineers' time. The huge ROI we witnessed has resulted in us identifying that we can go to market to gain more customers and really broaden our customer base without the 'con' of hiring more people.
What's my experience with pricing, setup cost, and licensing?
Because we're quite a large company, the initial price wasn't too much of a factor for us. This is because the ROI was so significant for us.
Which other solutions did I evaluate?
We identified others, like FireMon and Skybox; however, we found that they were not as mature as Tufin, not offering the same range of firewall vendors, e.g. Palo Alto, Check Point, etc., and the same level of automation.
What other advice do I have?
I would advise others to definitely work with Tufin and work out the best costs. Work out how soon you'll realize your return on investment. That has been a major kind of help. They've been brilliant in trying to help us develop a business case for using it, and then internally, I am sure there will be a massive help for implementing it in the future.
I would rate Tufin a nine out of ten based on the whole experience that we've had with it and the real kind of capabilities of the product.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CyberSecurity Architecture Manager at a computer software company with 10,001+ employees
Easy to scale with good compliance and robust features
Pros and Cons
- "You can easily scale the solution if you need to."
- "The initial setup can be tough."
What is our primary use case?
We were primarily using the solution in order to grade the firewall rules.
How has it helped my organization?
How the solution benefits the organization is something that is currently being tested. We're considering doing something different, as we just used this product as a POC.
What is most valuable?
The compliance aspect of the solution is its most valuable aspect.
The stability is very good.
You can easily scale the solution if you need to.
The number of features is very robust - and there are a large number of features. That's a huge selling point, which is why its popularity is where it is.
What needs improvement?
I have heard many people complain that there is a high level of complexity. It may make it difficult to work with for some people. That said, I don't have those issues with the product.
The initial setup can be tough.
The product could use better integration with the cloud.
For how long have I used the solution?
I've been using the solution for years at this point. It's been a long time.
What do I think about the stability of the solution?
The stability is very, very good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. The performance is good.
What do I think about the scalability of the solution?
The scalability of the product is excellent. If a company needs to expand it, it can do so relatively easily.
In our case, while I don't have an exact user count, I can say that there were quite a lot of people on the product.
We're talking about shifting potentially away from Tufin; however, if we had kept it, it would have been used extensively.
How are customer service and technical support?
While other people have the opinion that it could be better, I've mostly been satisfied with the level of support we've received. They've been okay. I've had three or four run-ins with them and they were all positive experiences.
Which solution did I use previously and why did I switch?
I also work with AlgoSec. We use both solutions currently.
How was the initial setup?
The initial setup is not straightforward. It's a little difficult, a little tough. New users need to expect this before they get started.
Often, a consultant is involved in the process, as there is a large learning curve, and many companies don't have the bandwidth to ramp up the staff. Bringing on a consultant can speed up the processes a bit.
The deployment took about a month or so.
We're still working on how many people we actually require to handle the maintenance aspect of the product.
What about the implementation team?
Typically, we get a consultant for everything, however, this last deployment, in particular, seemed to be more challenging for the consultant and for the staff.
That said, our experience with the consultant was very good overall.
What was our ROI?
While we are getting what we need out of the solution in terms of functionality, I haven't really looked into an exact ROI. We got what we were looking to get out of it.
What's my experience with pricing, setup cost, and licensing?
The billing and licensing aspect of the product is not something I'm a part of. I don't have any insights into the costs involved in using the solution. I cannot see if there's just a flat licensing fee or if there are other costs needed on top of that.
Which other solutions did I evaluate?
We are considering moving away from the solution currently. We're looking for other options. We might shift towards FireMon, however, nothing is set in stone.
What other advice do I have?
We're just a customer and end-user.
We're likely not using the latest version of the solution. Currently, there is a team that directly supports it. I can't remember the exact version number off-hand.
I'd advise organizations considering the solution to do their homework first and see if they can find out from industry associations and professionals what their experience has been.
In general, I would rate the solution at a nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Lead Engineer at an insurance company with 1,001-5,000 employees
USP and rule design are key features for us, but the business workflow needs improvement
Pros and Cons
- "It provides a real-time sense of how the policies are configured and whether there are any shadow rules. Another great thing is that it provides greater reporting based on how the rules have been set up."
- "There are at least two things that need improvement. One is the business workflow and the second is the integration with logging solutions."
What is our primary use case?
We are using SecureTrack and SecureChange to make policy changes.
What is most valuable?
For us, it's all the features that Tufin provides, including the
- USP
- rule design
- documentation
- implementation
- auditing.
They're all important. We could not have one without the others.
In addition, it provides greater visibility, once the setup is configured correctly. It provides a real-time sense of how the policies are configured and whether there are any shadow rules. Another great thing is that it provides greater reporting based on how the rules have been set up.
What needs improvement?
There are at least two things that need improvement. One is the business workflow and the second is the integration with logging solutions.
What do I think about the stability of the solution?
The product is stable. Regardless of the software we are running, the current or the new one, it is stable.
What do I think about the scalability of the solution?
The solution is scalable if we have to add more devices, more distinct resources, or also high availability. That's part of the solution. It's not like an afterthought, it's there.
How are customer service and technical support?
Tech support is very helpful. If there are any issues, we bring them to support and they get addressed immediately.
What other advice do I have?
You should definitely be looking at this as one of your top-two choices, before even considering any other solutions.
We are in the midst of a transition, going to a newer version. All the features which I talked about above, we want to implement them in a new production infrastructure. We are working with Tufin and Professional Services very closely, so we can enable it. There is the old way - the way we are using it - versus the way we want to. It is not there yet.
Currently, it's not helping us meet compliance mandates, but the new way will definitely help us to meet them. In addition, once we go with the new way of doing things, the solution will ensure that security policy is followed across our entire hybrid network. At that point it will follow business practices.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
