Tufin Orchestration Suite Reviews

What I like most is the end to end view which is quite important for supporting the design teams.

In the design team, everything is based on things that already exists and Tufin helps us make changes safely.

I'd like to say SDN needs to be improved. This is the key and where the revolution in technology is going. This is something you need to be aware of as the legacy devices are not compatible with the SDN devices.

As far as I know, it’s OK.

It's been able to scale for our needs. What we have is OK.

Great. I’m not in a direct relationship with them, so it’s indirect but it's OK I think.

We didn't look at any other solutions.

I think we’re not using it for all the devices we intend to use it for, but somewhere in the middle. It works, it's as simple as that because we noticed the difference after we got it working, and we immediately saw the advantages of having it.

The most valuable feature is the ability it gives us to browse our entire infrastructure and easily find which rules match our policies. Tufin also helps us to clean up our firewall rules by suing the object browser throughout our entire infrastructure.

Tufin has allowed us to do much faster analysis. We don't have to analyze the entire rule set anymore because it tells us whether each specific rule matches policy or not.

I'd like to see more features implemented into Tufin to help us with automatic monitoring of our firewall environment.

It's quite stable. We've had no issues with instability at all.

We don't have firewalls all over the world, just a part of it. For the number of firewalls we have, Tufin works fine.

For the project I worked on, there were some things that didn't work quite well enough, so I got the impression that customer service had different expectations from technical service. I used it as an opportunity to tell customer service that we should work on the project and finish the concept before talking about pricing. But they thought we only needed the standard product, but for me it was clear that our evaluation showed we needed something more.

I was only involved in the POC, and I didn't have any big issues with it. So I didn't have a lot of contact with technical support.

When the decision for Tufin was made, I was not yet in the company. I've performed several upgrades since, and they all went well.

We also evaluated AlgoSec and FireMon, but we're staying with Tufin as it's our first choice. We only looking at other vendors because we found that during our evaluation of Tufin, there were some features that weren't implemented. We didn't make any progress on the other evaluations, however, because we didn't want to invest the money in them when we had the feeling that they weren't going to do what we expected.

Tufin SecureTrack has been great for us.

Our primary use case for this solution varies on the customer's needs. However, we primarily use it to augment the safe firewall and consolidate various firewall vendors.

The consolidation of other firewall vendors is very valuable because many customers have different firewalls and the management administration has to be done differently. However, with Tufin SecureCloud, you can do things together.

The reporting during the initial setup could be better by including more automation, and the pricing should be reviewed, as it is a little too high.

We have been using this solution for two years.

The solution is scalable.

We have had a decent experience with customer service and support. The response time has always been within 24 hours, so we usually get a response within several hours of logging a technical issue.

The initial setup was straightforward, and it took us approximately 24 hours.

The licensing costs are charged annually but are higher than similar products.

I rate this solution an eight out of ten. The solution is good, but the reporting available could be improved, and the pricing could be reviewed as it is costly. Nevertheless, I recommend this solution to any organization that wants to implement a firewall analyzer. Additionally, I would advise new product users to read sections in the recommended requirements and ensure it is properly communicated to the vendor they choose to work with.

The most valuable feature for us is the configuration control. This helps us to comply with company policy.

We can very quickly understand the admin configuration made by the administrator.

Also, year to year the policies always grow and every day we need to check and remove rules, policies, and objects that we already have. So another very helpful feature that we use is that we take from the policies unused objects that have not been used in a long time.

We need to include more products from different vendors, but we need a universal solution to make our installations different. For example, with the web application firewalls, we need to control them. With the ideas system, we need to control them too, and if we talk about ideas and we have the solution from different vendors who have their own names for the same security checks and customer, we as an integrator need to get a deeper understanding of the difference between the different configurations.

There's also another issue. I have a very big customer, but they have some offices where they placed a check point at the wrong end. They have multiple branches, and for different branches they have a management server, but each branch needs a solution like Tufin because if you talk about every branch, it's like another big company with their own branches. We don't have the option to place Tufin at certain branches because we don't have administration rights at the branch. We need another way to use Tufin without the administration rights.

We've had no issues with deploying it.

Two years ago we had some problems with stability, but now it's resolved. Since then, we've had no issues with instability.

It's scaleable for our needs. We've had no issues with scalability.

I think technical support has worked well for us.

We use it mainly for rule base analysis. We do a lot of customs and they always have complex custom rule bases, so we need to be able to go through the rule base and also to optimize the rules.

We don't use it on a day to day basis. Obviously we're running it all the time but we only need to look at it once a month when we do a review. It's not something that we use all of the time. When we do perform a review, it gets passed across to the lead engineers for that particular account to look at the rule bases and agree on what we're going to do with it and then they sort it out.

One of the things that I think they're all missing is something that Indeni does where they mount the boxes proactively for us.

We've been using it for around four, maybe five years.

We have had no performance issues.

We did have an issue with load on the original machine but that was actually our fault. We've put it onto new servers now and haven't had a problem.

They're very, very good.

There's obviously some complexity to it because you've got to open up rules for the rule bases in order to talk to firewalls, but it was easy.

We also looked at FireMon. One of our presidents chose Tufin. I don't know which project it was chosen for, but I knew once it was chosen, because we deal with the development and it was decided we would only have one standard solution.

If you follow the instructions you're good.

At the moment, it's that it takes the changes made during the day and runs a report during the night so that we can go back and if there was an issue, see if it had something to do with changes that we made in the firewall.

Day to day, if you have a problem you can go back and see if it could be something that is related to a change that you made, because the time of the change is the same as the time the problem appeared. Then we can roll back.

It's not only the firewall rulebase we are interested in, but also application control and URL filtering and they don't do this at the moment. Once they can handle this, then they will get a better rating.

We've been using it for three or four years.

It's absolutely stable.

We are large, but we have no problem with scalability. We have less than ten firewalls and it handles the traffic well.

We're not in touch with Tufin, and haven't had to contact our partner much either.

It was easy. More or less, it's just plug n play.

Our partner/reseller installed it for us.

We also looked at AlgoSec, but I don't know why Tufin was chosen as this was decided by senior management.

Once the application control is in the system, it is a great product.

The SecureTrack and SecureChange features are the most valuable for us. SecureChange can work with different appliances. The integration between topology, security, and workflow is powerful, and the workforce capability to create a lot of different scenarios is great.

We use SecureChange because we have separate views to see those who are compliant with rules, those who are on probation, and the managers. The integration with our system is quite good, which is important because we have 5000 firewalls. Fortunately, we don't have a lot of rules but there are many people who can make and change rules. With this approach, Tufin has become a very powerful tool for us by creating an automatic implementation.

I would like to see a powerful integrator for automation in the environment.

We haven't had any issues with deployment.

We've had stability issues because it's a heavy solution. It takes a long time to get up and running, and when we migrate releases, that's an issue.

We've had no issues scaling it for our needs.

Our experience with technical support has been mixed. Sometimes we've gotten prompt responses; sometimes we didn't. We're also very, very busy and it's difficult for anyone to find time to work with technical support. Our last trouble ticket took two months before they asked us if we were ready for a fix, but we were all busy!

Implementation is complex now and the two-track environment is very stressful. I'd like the capability to put different rules within the appliance in order to manage the implementation.

We implemented it ourselves.

The module we have used the most is SecureTrack. Our technicians use that for firewall audits and analysis. We use other drivers due to PCI regulations, so we have to have proper reporting compliance, change management, and network changes. Also in our road map is to implement secure change.

Based on the work our technician has done on it, I think it serves the purpose we brought it in for. The only issue we have had is that we have been working a long time, from the build and configuration, and we still have one issue that our Palo Alto devices are still not reporting correctly to Tufin and that needs to be resolved. I believe it’s a software compatibility issue, so it might require an update on our side. That’s still an outstanding issue. We have a known issue integrating Palo Alto, but if they have a roadmap with other customers we would love to know.

We've used it for almost a year.

Performance is good and any queries we run are smooth and straightforward. But we haven’t loaded too much on yet. There’s a lot of build still to come. For the basic purpose of what we are using it for, it’s pretty good.

They are knowledgeable and available. I've had no issues with professional services.

Exactly because we had no firewall analyzer or a compliance and reporting tool, we brought it in. We have business requirements like PCI, and we are yet to use it for reporting or secure change.

We just put it in to the rack, consoled in, and did the basic set up.

We did it ourselves. Just looked at the PDF.

When I did the self-service for licensing, I encountered some issues. Perhaps it’s because I didn’t know how many we had purchased before I had arrived, as it was sold through a WebEx.

Pretty good, very supportive, understanding and recognizing we need to move in a phased manner. They are definitely in it for the long term. Support and professional services, we will require going in to the future.