Tufin Orchestration Suite Reviews

I have used Tufin for traffic analysis, to check the traffic hitting a specific rule, for rule consolidation and so on. It’s really helpful. For my usage, it's very good.

We would like to see historic reports for the device, for a policy, for rule consolidation, and for rule optimization.

Also, it's pretty slow for us. Just to run an analysis for a single rule, we need to wait at least five minutes.

We had a couple of stability issues before, when we were running on our old core. We used to not get the reports as we expected. The Tufin used to get disconnected from the device and just not provide the exact reports such as the hits on the rules.
Over the last year and a half, we upgraded twice, and right now it's pretty stable.

It has been scalable for our needs.

Technical support is really good. They're supportive.

We've been using AlgoSec as well for analysis. We use both Tufin and AlgoSec for our reports.

It's a good tool. We would need a view of all the tabs, for the analysis. If it's pretty fast, that should be good for us.

Our primary use case for this solution varies on the customer's needs. However, we primarily use it to augment the safe firewall and consolidate various firewall vendors.

The consolidation of other firewall vendors is very valuable because many customers have different firewalls and the management administration has to be done differently. However, with Tufin SecureCloud, you can do things together.

The reporting during the initial setup could be better by including more automation, and the pricing should be reviewed, as it is a little too high.

We have been using this solution for two years.

The solution is scalable.

We have had a decent experience with customer service and support. The response time has always been within 24 hours, so we usually get a response within several hours of logging a technical issue.

The initial setup was straightforward, and it took us approximately 24 hours.

The licensing costs are charged annually but are higher than similar products.

I rate this solution an eight out of ten. The solution is good, but the reporting available could be improved, and the pricing could be reviewed as it is costly. Nevertheless, I recommend this solution to any organization that wants to implement a firewall analyzer. Additionally, I would advise new product users to read sections in the recommended requirements and ensure it is properly communicated to the vendor they choose to work with.

Our primary use case is for change audit.

My team uses it heavily to audit the changes made by junior engineers, going back and figuring out what they messed up, and correcting their mistakes. We generate reports for customer compliance and audits, as well as for regulatory audits.

We use it to generate reports that we are in compliance, but don't necessarily use it to mitigate any compliancy requirements then only to report on them.

The historical reporting is the most useful feature that I use the most often. 

For what we use it for (change auditing), the visibility works great.

We don't have any issues with it, but the reports could be easier to read and more customizable. Also, capturing some of the different versions, and being able to dig through them could be a bit better.

The stability works, for what we've been using it for. The system has been up and running for at least a year and a half without any issues. The only time we do anything with it is when we upgrade it or patch it, but we have never had any performance issues or it falling over.

The way we deployed it is sufficient for what we're using it for. We haven't really had to scale it.

We tend to not have any issues with it, so we don't need to use support very often. For what we are using it for, it does exactly what it is supposed to, and we don't have any issues with it. 

We did contact technical support when we had an appliance, then we migrated it over to a VM and it was moving some of the data from the old code format to the new one. We have also had upgrade problems with it randomly breaking on us. 

My team has had a pretty good response from the technical support.

We had a bunch of issues with junior engineers causing problems and people not knowing what was changed or what happened. We needed a solution that produced very easy to understand and quantifiable change reports. 

We had a home-built solution before Tufin had maintenance issues because it was our own,  and we had support issues with it. It sometimes worked, and sometimes didn't work. Tufin was a very easy shoe-in replacement for that solution.

The setup was pretty straightforward. The documentation was pretty clear in terms of what you had to do. It was just the case of executing it.

We deployed it ourselves. 

For our numerous cases where outages had been caused by engineering errors, our ROI is in the ability to quickly go and see what the person did and fix it. Tufin reduced the time it takes to solve a problem, which reduces the time of the outage. It does have a cascading effect, but I can't quantify it to dollar amounts.

It has been a few years since I've looked at anything else.

I would rate it a seven out of ten mainly because it does everything really well. In general, it still does what it's supposed to do, and we don't have any issues with it. 

I would advise someone considering this solution to know exactly what you need before you start the process. Be very thorough, because the devil is in the details and you need to know exactly what you want and need. Then you'll be able to tell which solution is better, and which one gives you the better return on investment. 

The first one is the policy analyzer to help the network facility to remove objects and the server needs an object, an appliance object.

For the first one, we were able to reduce the number of rules, and the signaling one is about the compliance. We have many security rules to define the flows between the security zones, so we put all the rules under 13, and then we can generate reports.

It needs more compatibility with older firewalls.

We have no issues.

We have 2000 employees, and it's been able to scale to meet our needs.

Very easy. We got the license, and we got all the roles and information from the firewall to generate reports.

Prior to implementing, you need to know the needs for each project. If you know the needs, you will probably meet expectations.

It's very easy to document every change that has been done to auditors or internal auditing, but also to troubleshoot when you have more than one person taking care of your policies. So we're able to very easily and very quickly find out what our colleagues did and to mitigate that if it has caused any problems.

It seems to be stuck between the usability of a browser-based application and a full application. Part of my feelings about this have to do with my perception of working with web applications, and there tends to be almost natural laws that something might get stuck or the browser gets confused, things like that which could use some improvement.

We've had no issues with deployment.

I haven't seen any stability issues. We actually seldom see issues with the product, so the experience with the support is not that common, but I think the issues we've seen have been handled quite well.

It scales very easily. I'm in a market where a 5000-user company is a large company, so there's definitely no problem there, but I easily see that the solution can scale far larger than that.

They are responsive and quick in terms of technical support.

The basic installation is very easy and it's quick getting things up and running. Where there tends to be the problem is, and it's not really a Tufin issue but more a customer issue, how to really work through the policies and get the full value of the products. It's very easy to get started, and when you first get started, the further steps where you begin to make your change to your app, there are a lot of organizational work that needs to be done to get the full value of the product. This tends to be the issue with most companies.

We implemented it with our in-house team.

This is true for Tufin and as well for many of the security vendors and their products. I think it's very important just to get started or get the easy wins first, and then go to the solution afterwards. With Tufin, I think it's very, very easy to get big easy wins up front with all the documentation and all the tracking, just to get started and move forward from there.

Our customers use Tufin to manage multiple firewall access rules through a single console. We have done on-prem, public, and private deployments of this solution.

It provides very good reports. It can easily integrate with multiple firewalls, such as Cisco, Juniper, Palo Alto, and Checkpoint. 

We can push a policy from Tufin to a firewall, which is a very good feature. We can monitor all access rules and the operating system of a firewall.

Currently, we are able to monitor access rules and the operating system of a firewall. It would be great if we can also monitor the configuration of the firewall through Tufin.

I have been using this solution for the last three years.

It is very stable. It has good stability.

It has very good scalability.

Their technical support is good.

Its initial deployment is not very easy. It is a little bit complex. After the deployment, it is easy to work with it in the GUI. Its deployment takes at least two or three days.

Customers usually evaluate AlgoSec. 

I would advise others to go for it to manage firewalls from multiple brands in a single console.

I would rate Tufin a nine out of ten.

The primary use case of this solution is for monitoring, automation, policy orchestration, and security.

The most valuable feature is the monitoring. I quite enjoy the monitoring this solution provides. It allows administrators to visualize the traffic flow, and troubleshoot when necessary. It's a useful tool.

The interface is quite user-friendly and intuitive.

The cost of this solution should be improved.

They need to offer more support to vendors, such as Cisco, Checkpoint, Fortinet, and Forcepoint.

They have an API, but it needs more service on this.

While technical support is good, they could still improve.

I have been working with Tufin for one year.

It's a stable solution. There are some bugs that they are working on but that is common with any vendor.

They do mention that they don't support specific features from Nexus for some automation but it does actually work, although it is not listed as working.

Technical support is relatively good. They are not the best but they are good.

They could improve but they do respond with accurate responses.

The initial setup was straightforward. It was deployed in less than an hour.

The first time without training, it took an hour or so, but it was quite easy.

It's quite an expensive solution.

I would recommend this solution to others who are interested in using it.
I have not worked with any other vendors with this type of solution, for example, FireMon. I haven't worked with it. 

I would recommend it specifically to start with a secure track, which is a monitoring tool. Once the customer sees it, they want the solution. Afterward, for automation and secure change.

I would rate Tufin an eight out of ten.

We use it to track changes and the policies that we've implemented into our system.

It allows us to evaluate and build matrices, and see how rules work with it to see whether they are secure.

The biggest benefit of this is that it allows us to see how security functions as a hole. Also, it lets me see where the holes are and how things function.

The rules and configurations can be clunky. I have to wade through different things to get what I'm looking for, but the more I use, the more it makes sense to me.

The company has used it for 2 years, but I've used it for 1.

No issues with stability.

The scalability has been great, and we've implemented it on 25 devices now.

The implementation is straightforward.

I did it in-house, but tech support helped me walk through it and find missing pieces.

Try to get a training course on what it can do, so that when you go to implement it you can get the most out of it. If I had known all the features from a training class, I would have implemented it differently from the guy who did it for us.