Firewall optimization analyzer and management

Improve your firewall management with automated clean-up, decommissioning and recertification.

Get a demo

Improve productivity by automating firewall optimization

Existing manual approaches to firewall management operations are too slow and error-prone to be effective in today’s environment. The growing complexity of enterprise networks requires more changes, across more platforms, faster, with fewer headcount. 

Automatically identify, locate and remove obsolete or unused rules or sets of rules. Decrease your security risks without decreasing productivity. With our network analysis and automation tools, you can efficiently optimize rules to maintain security policies across a heterogeneous, ever-changing network.

Tufin customers can decommission a rule, an object, a server or an application, across their entire network, from a single pane of glass.

We knew we were spending too much time on tasks like application deployment and decommissioning, and wanted to manage application-related firewall changes from a business process perspective instead of hunt for connectivity data spread across our entire infrastructure. We found nothing on the market and even considered developing and implementing our own tool. When Tufin showed us SecureApp our requirements were almost identical, and we immediately moved forward.
Head, Telecommunications, SIX

Benefits of Using Tufin

Tufin allows even the most overloaded firewall teams to easily identify and decommission unused rules and objects across vendors and platforms. Simplify mundane firewall change management, clean-up and maintenance tasks. Automate your firewall optimization and increase the operational efficiency of your team.

Rule, server & application decommissioning

Overtime rules become outdated and obsolete as policies, servers or applications are decommissioned. Managing with manual approaches is cumbersome and time consuming. With Tufin, you can automatically identify unused rules, rules required to access a server or rules required for a given application, and automatically remove these rules from your firewalls, across all vendors. In addition, you can also modify services in rules. This becomes especially handy when you need to do routine policy clean up, modify network access, or quickly block risky services.

Server cloning

Duplicate server access across your complex, fragmented network, automatically. Tufin Orchestration Suite enables you to add access permissions for new servers into your security policy, modeled on an existing server in your security policy. Reduce the time and effort associated with this repetitive task and ensure accuracy and auditability.


Automate the recertification process to track, monitor and manage the expiration of firewall rules. Specifically, automatically identify expiring rules, speed up processing with full visibility of rule metadata, and automatically recertify rules across vendors and platforms. Maintain continuous compliance and simplify audit preparation.