Security Policy Orchestration for Forcepoint Stonesoft Next-Generation Firewalls
Tufin centralizes network security policy management, automation and orchestration across network devices on-premises and in the cloud, including Forcepoint Stonesoft NGFW, Forcepoint Sidewinder, routers and switches.

Tufin and Forcepoint Stonesoft Next Generation Firewall (NGFW) work together to provide organizations with comprehensive, application-aware network change management and automation.
Benefits of Using Tufin with Forcepoint
- Seamless integration with Forcepoint Sidewinder to enable the addition of the Forcepoint Stonesoft NGFW as part of the organization
- Centralized management of security policy across multi-vendor firewalls and cloud platforms
- Proactive risk analysis and impact simulation
- Implementation of network changes securely and accurately in minutes
- Define and manage a global security policy across heterogeneous platforms
- Continuous compliance and audibility with industry standards and enterprise security policies
- Automatically tighten permissiveness across firewalls based on traffic history with Automated Policy Generator
About Forcepoint Next-Generation Firewall
The high-availability Forcepoint NGFW protects enterprise networks with real-time updates, an intrusion prevention system (IPS) built-in VPN, and mission-critical application proxies in a single console. With anti-evasion technology that decodes network traffic, and block cyber attacks, Forcepoint Next Generation Firewall is one of the most efficient, scalable NGFWs out there. Built for a high level of security and throughput, Forecepoint NGFW helps IT and Security teams:
- Implement, monitor, and adjust intelligence-aware security controls from the Security Management Center (SMC)
- Push global, unified policies with built-in secure SD-WAN and zero-trust network access controls
- Gain deep visibility so you can quickly identify vulnerabilities and security risks and mitigate them at the earliest stage
- Scale changes using a centralized management administration platform
- Automate and orchestrate network architecture for high scalability
- Enact effective security measures including IP Packet Fragmentation/TCP Segmentation, false-positive testing, and web filtering for QUIC & HTTP/3
- Deploy across a hybrid cloud, including appliances, data centers, and the cloud
- Mix broadband and private MPLS circuits to connect remote offices, on-site offices, and branches
- Conduct URL filtering in HTTP and HTTPS requests
- Keep data secure with built-in IPsec and SSL VPN
- Identify network traffic, applications, and users at a granular level to apply correct business rules
- Deploy advanced malware detection and expose advanced evasion techniques
Business-critical apps must have resilient network security, and Forcepoint NGFW ensures minimal downtime and top notch performance. Their numerous built-in security capabilities ensure your business can secure your networks, cloud-based applications, data centers, and endpoints.
Forcepoint Next-Gen Firewall holds a number of certifications, including ANSSI, CSfC, DoDIN APL, Common Criteria, and more. Most of their high-performance models have long lifespans and are easily reconfigurable, delivering tremendous performance and value.
Visit the Tufin Knowledge Center for supported devices, platforms and version numbers.

Related Resources

FAQs
APG is a powerful feature available with Tufin’s SecureTrack subscription that assesses your firewalls rule sets against historic traffic logs to determine which traffic is necessary to define a least-privilege ruleset that you can push out to the device to tighten permissiveness.
Tufin is the most extensible solution in the network security policy management market, supporting virtually any firewall vendor available, including Cisco, Palo Alto Networks, Check Point, Juniper, ManageEngine, Fortinet and many more.
Yes. Tufin is able to centralize the management of NGFWs, traditional firewalls and cloud-based firewalls, as well as managing security policy for cloud security groups.