The do-it-all firewall manager

  • Access request tickets trigger an automatic network change workflow.

  • Automate firewall optimization from a central control plane for better network performance and easier migrations.

  • Configure and deploy policies for existing or new resources and member accounts with endpoint security firewall policy.

  • Define firewall policy scope and deploy it in real-time

  • Enable DevOps agility with locally authored firewall policies

  • Deploy and monitor web application firewalls (WAF) and WAF rules to protect apps across your hybrid environment

  • Scale by size of policies, ACLs and routing tables, as well as number of monitored devices, volume of traffic logs, number and size of change requests, number and frequency of API calls (including API gateway integration), and more

  • Control your firewall policies from one or multiple firewall manager administrator accounts

  • Integration with Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP) giving you visibility and control over security groups, Azure Firewall, GCP Firewall and more.

Centralized firewall manager

The Tufin creates a single console to consolidate and automate multi-vendor firewall management.

  • Gain at-a-glance, real-time policy violation reporting.

  • Eliminate manual firewall audit tasks and reduce audit time by up to 90%.

  • Automate network access changes from request to provisioning, all within a zero-trust framework.

  • Create application templates or create workflows from pre-defined templates.

Stronger network security, better rule cleanup

Easily maintain security policy hygiene and streamline firewall rules with real-time visibility and reports of unused, disabled and shadowed rules. With Tufin, IT teams can automate the rule decommissioning process for simpler policy management.

Automated firewall optimization, improved cybersecurity posture

Mitigate network threats like protocol and DDoS attacks before they disrupt critical resources. Tufin’s Automatic Policy Generator helps tighten firewall rule groups that are too permissive and will suggest least privilege alternatives based on traffic history. By automating firewall management, Tufin allows network security and network operations teams to regularly and repeatably operationalize firewall optimization.


Is Tufin a firewall manager?
Yes, Tufin is a firewall manager that enables security and operations teams to manage their firewalls from a central control plane. Tufin also enables centralized policy creation and implementation. While Tufin is not a security management service, it ensures teams can automate security policy across hybrid cloud environments. Tufin is also platform-agnostic and integrates with your team’s important tools, including many AWS security tools.
What are VPC security groups?
A VPC security group is a virtual private cloud group that operates as a software firewall. Rules that exist within a VPC apply to individual network adapters. Within VPC security groups, you can apply multiple security groups to a single network adapter to combine rules from various security groups and apply them collectively to the adapter. Security group rules grant permission for a certain type of traffic, and denies traffic unless there is a specific rule that allows it.
Are there any prerequisites for the Tufin firewall manager?
There are some general hardware requirements, but more precise hardware requirements can be calculated based on factors like total number of monitored devices, number of concurrent users, number of sites, rules per device, syslog/LEA traffic rate, rule base complexity, and whether HA/DA is implemented in your environment. Explore our hardware requirements and recommendations.

Get the visibility and control you need to secure your enterprise.

Only Tufin provides automation and a unified security policy, from on-prem to cloud, across NetSec and DevOps.

Get a Demo