1. Home
  2. Blog
  3. Firewall Best Practices
  4. Tufin: The Ultimate Heterogeneous Hybrid Mesh Firewall Management Solution

Last updated March 11th, 2024 by Tim Shea

The landscape of network infrastructure deployment has undergone a significant transformation, catalyzed by both pre-existing macro trends and the acceleration brought about by the COVID-19 pandemic.  

Prior to COVID, our customers experienced three significant macro trends impacting how they deployed their network infrastructure:

  • The shrinking of the core on-premises network 

  • Expansion of the Edge (i.e., SaaS, branch office, and remote workers) 

  • The adoption of public cloud  

COVID accelerated the adoption of these macro trends since the shift in network infrastructure forced companies to pivot their operations virtually overnight. Today, a significant amount of our customers’ applications, data, and users are in the cloud or on the Edge. Security controls have followed this migration. Our customers increasingly deploy network access controls (i.e., firewalls) on the Edge, Public Cloud, and on-premises. 

Gartner states, “By 2025, over 50% of network firewall deployments will involve more than two deployment factors from the same vendor—up from less than 10% in 2023.” As an example, as a Fortinet customer, your Fortinet FortiGate firewall will be deployed on-premises, as a virtual instance in Amazon Web Services (AWS) and for software-defined wide-area networking (SD-WAN). The same is true for the other firewall vendors.  

Here’s where hybrid mesh firewalls come in. Hybrid mesh firewalls, which are relatively new, are essentially a policy management construct that allows you to manage all your single vendor firewalls— regardless of where and how they are deployed—via a single management console.  

Tufin customers who deploy Cisco Firepower as an appliance on-premises and as a virtual instance in Azure are one example of this. Both the appliance on-premises and virtual instances in Azure are managed by the software as a service (SaaS) version of Cisco Secure Firewall Management Center (cdFMC). In this instance, customers use cdFMC to manage their security policy. 

Heterogeneous Hybrid Mesh Networks

A common component of this that all Tufin customers experience is that they have deployed heterogeneous networks. In other words, these customers have multiple vendors deploying firewalls across their infrastructure.  

Here’s what we mean. Let’s take a customer who:  

  • Deploys Palo Alto Networks next-generation firewall (NGFW) appliances in their New York City data center  

  • Deploys virtual Palo Alto Networks NGFWs in Azure  

  • Leverages Check Point for their manufacturing locations in Europe and FWaaS applications 

  • Uses Fortinet SD-WAN for their worldwide sales branches  

  • Uses cloud-native security controls for their GCP and AWS workloads  

Managing this network’s security policy is complex and intricate. As you might imagine, troubleshooting access issues between the enterprise resource planning (ERP) system in New York City (Palo) and the branch sales offices (Fortinet) is challenging because the access crosses multiple vendors’ infrastructures.   

Similarly, provisioning a new access request between the manufacturing sites (Check Point) and their workloads in the cloud (cloud native) is equally difficult. Multiple vendors, multiple management consoles, and manual information consolidation result in delays, errors, and additional costs. 

Meeting Compliance 

A second common pain point our customers navigate is responding to audits and ensuring continuous compliance. To take the example above, meeting compliance and audit standards in such a complex, heterogeneous infrastructure is both time-consuming and costly. 

Here’s how Tufin helps our customers manage security policies across their complex and heterogeneous networks.  

Building on the term hybrid mesh firewall management, I would like to add the word multivendor. Multivendor Hybrid Mesh Firewall Management encapsulates how Tufin is the connective tissue that consolidates security policy management for these multivendor hybrid network deployments into a single pane of glass. 

By leveraging Tufin to abstract security policy management away from the underlying infrastructure, our customers deploy, operate, and secure an increasingly complex and agile infrastructure to support the needs of their employees, customers, and suppliers.  

Here are additional ways Tufin enables our customers:  

  • Attain pervasive visibility of their network topology and configuration 

  • Centrally manage the change control process 

  • Automate workflow across network and security operations teams 

As a result, our customers reduce the risk of breach and non-compliance, increase speed and agility, and save money on operational expenses.  


Enterprises everywhere face the challenge of managing heterogeneous networks, characterized by multiple firewall vendors across various infrastructure components. This complexity introduces operational challenges, including troubleshooting, provisioning new access requests, and ensuring compliance with regulatory standards.  

Tufin consolidates security policy management into a unified platform by offering heterogeneous hybrid mesh firewall management. By abstracting security policy management from underlying infrastructure complexities, Tufin enables organizations to deploy, operate, and secure agile infrastructures effectively. 

As a premier security policy management partner, Tufin collaborates with leading firewall vendors to provide integrations and support across a wide range of their products and services: 

To learn more, get a demo today 

If you’re interested in learning more about hybrid mesh firewalls, here are additional resources:  

Don't miss out on more Tufin blogs

Subscribe to our weekly blog digest

In this post:

Background Image