Centralize visibility and simplify policy management with Tufin and Zscaler integration

Today's application workloads are highly dynamic and distributed across the hybrid cloud, where network and security teams need to deploy and manage multiple vendors’ network security enforcement points to enable secure workload communication. Unfortunately, managing security policies via siloed tools leads to incomplete visibility and complex, time-consuming daily operations.

The Zscaler Cloud Firewall, part of the Zscaler Zero Trust Exchange, and Tufin Orchestration Suite integration provides admins with centralized visibility into Zscaler Secure Access Service Edge (SASE) policy rules alongside other vendors' policies to help simplify and standardize security policy management across the hybrid cloud, directly from the Tufin Console.

Key features include:

  • Rule Viewer -- Instant view of Zscaler Cloud Firewall rules directly from the Tufin console, for fast analysis. Users can identify overly permissive rules and view comprehensive data sets for each rule, including the last time a rule was modified.
  • Rule Change Tracker -- Tufin monitors and highlights Zscaler Cloud Firewall rule changes -- what was changed and when, for compliance and troubleshooting analysis.
  • Rule filter -- Rules can be filtered by locations, apps, URL category, and users, for faster resolution of security and connectivity issues.

Tufin console: Zscaler Cloud Firewall rule viewer

Rule Viewer

Tufin’s Rule Viewer enables network administrators to gain an instant view of Zscaler Cloud Firewall rules directly from the Tufin console, for fast analysis. Users can view rule attributes -- sources, destinations, users, applications. The Rule Viewer also provides rule metadata, such as when the rule was last modified, the certification status if rule certification is being enforced via Tufin, and whether the rule is overly permissive and should therefore be modified or removed.

Rule Change Tracker

To ensure continuous compliance and enable faster troubleshooting, Tufin monitors and highlights Zscaler Cloud Firewall rule changes -- what was changed, when, by whom, and whether there’s a comment or a reference associated with it. Tufin records every policy revision, maintaining a complete policy history as it evolves over time. Administrators can quickly retrieve and view the Zscaler policy as it existed at a previous point in time. A side-by-side comparison helps admins review changes to identify and fix misconfigurations. This can be invaluable when a change unexpectedly blocks access to a critical asset, and it enables auditors to immediately view what has changed since the last audit.

Tufin console: Revision history and change comparison
Tufin console: Rule viewer

Rule filter

Admins can filter rules by locations, apps, URL category, and users, for faster resolution of security and connectivity issues.

How it Works

Adding Zscaler Cloud Firewall to SecureTrack is fast and easy. Users simply go to SecureTrack ‘Monitoring’ and select ‘Zscaler Cloud Firewall’ as an additional environment to monitor. The Zscaler Cloud Firewall rules are then automatically retrieved by Tufin and added into Tufin SecureTrack.
