Security Policy Automation for Palo Alto Networks Panorama and Firewalls
Gain holistic visibility, change automation and change management across hybrid environments that include multi-vendor devices and cloud platforms.
Managing firewalls across complex, multi-vendor network environments to keep up with business demands produces ongoing pressure for enterprise IT and security experts. The lack of network security visibility and centralized management hinders their ability to deliver services and applications with speed, security and accuracy.
Tufin is a Founding Member of Palo Alto Networks Fuel User Group, a user-led, non-profit group exclusively for PAN customers interested in advancing their existing knowledge of information security, especially in the cloud.
Tufin Orchestration Suite integrated with Palo Alto Networks Security Policy enables teams to:
- View and track changes on Palo Alto Networks Next Generation Firewall (NGFW) policies, including User-ID, App-ID, FQDN, Content-ID (Security Profiles), Dynamic Address Groups, and Panorama Device Groups
- Centralize network security management by automating cleanup and access change workflows across multi-vendor devices and clouds, directly from the Tufin console.
- Apply granular policies and automatically manage access changes for custom applications, providing full visibility, reporting, and control of all traffic for any app type (custom/predefined) on your network
- Enrich Cortex XSOAR playbooks with network intelligence and change management
- PANOS Firewalls
- Panorama Devices
For more information on supported devices, platforms and version numbers please visit the Tufin Knowledge Center.
What is PAN-OS firewall management and how does Tufin augment it?
PAN-OS powers all of Palo Alto Network’s next generation firewalls across hardware, virtual machines, containers, and cloud services. PAN-OS gives your teams a central management interface with complete visibility and application controls across devices.
Tufin, enables automated firewall configuration and change management across PAN solutions, as well as the other vendor devices across your network, so you can consolidate and centralize the work of security policy management on single console.
With PAN-OS, teams can:
- Configure high availability across PAN-OS functionality and determine your Active/Active use case
- Log administrator actions and set up administrative access to protect your firewall against unauthorized configuration
- Ensure security across all networks, from data centers to the cloud
- Easily search candidate configuration on a firewall or Panorama Management Server for a particular string with Global Find
- Classify traffic with App-ID, which automatically detects and controls even the sneakiest of new applications
- Remain audit ready with automatic log collection
- Simplify authentication and enforce zero trust with protection from phishing attacks
- Use the API keys to authenticate API calls to the XML API and REST API
- Execute arbitrary OS commands and escalate privileges with an OS command injection vulnerability in the PAN-OS web interface
- Create a policy rule base for devices independent of changes or updates to location or IP address
- Configure log forwarding from all Panorama or external services for optimal network activity visibility
- Configure log storage so that expired logs delete automatically
- View graphical traffic depictions in the Application Command Center (ACC) for actionable network intelligence
- Scan, understand, and control network traffic for comprehensive threat prevention
- Perform security functions in one quick scan, making your teams more agile and reducing complexity
- Perform decryption of TLS and SSL encrypted traffic to fend off malware attacks
Palo Alto Networks’ Panorama devices help IT and security teams automate firewall configuration and security management to simplify network management while minimizing the number and duration of threats on your network.
Tufin, enables automated firewall configuration and change management across Panorama devices, as well as the other vendor devices across your network, so you can consolidate and centralize the work of security policy management on single console.
Panorama devices enable teams to:
- Set up and manage firewall by group based on criteria they define
- Maintain consistent firewall rules across your network with URL filtering, threat prevention, access control, and more
- Easily visualize and monitor network activity, threats, and blocked activity from a centralized management dashboard
- Perform routing functions across a variety of ports and protocols
- Create new rule sets quicker with preconfigured templates, or create device groups, role-based access control, and policy tags tailored to the needs of your organization
- Scale easily as your firewall deployments grow
- Easily add new firewalls to your network