FortiADC 7.0.2 offers the following new features:
Zero Trust Network Access (ZTNA)
Zero Trust Network Access (ZTNA) is an access control method that uses client device identification and Zero Trust tags to provide role-based application access for On-net local users and Off-net remote users. Access to applications is granted only after verifying the device and user identity, and then performing context-based posture checks using Zero Trust tags.
When On-net and Off-net FortiClient endpoints register to FortiClient EMS, device information, logged-on user information, and security posture are all shared with the EMS server over ZTNA telemetry. Clients also make a certificate signing request to obtain a client certificate from the EMS, which acts as the ZTNA Certificate Authority (CA).
Based on the client information, EMS applies matching Zero Trust tagging rules to tag the clients. These tags and the FortiClient endpoint information (including the device information, logged-on user information, and security posture) are synchronized with the FortiADC in real time. This allows the FortiADC to verify the client's identity using the client certificate and to grant access based on the ZTNA tags applied in the ZTNA security rule.
The FortiADC ZTNA is a network security feature that allows users to securely access Layer 7 HTTPS and TCPS virtual server resources for server load balancing. Once the ZTNA security rule has been configured, it can be referenced by Layer 7 HTTPS and TCPS virtual servers to implement role-based zero trust access, using the client certificate and ZTNA tags for identification and security posture checks.
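The decision flow described above, modeled in Python as an added example; it is not Fortinet code or FortiADC configuration. The class names, CA name, tag names and the rule that any one matching tag grants access are assumptions for illustration, and certificate chain validation is assumed to have been done by the TLS layer.

```python
from dataclasses import dataclass, field

# Constructed values for illustration; not FortiADC or EMS identifiers.
EMS_CA = "CN=example-ems-ztna-ca"

@dataclass
class Endpoint:
    cert_serial: str          # serial of the client certificate issued by EMS
    user: str                 # logged-on user reported over telemetry
    tags: set = field(default_factory=set)  # Zero Trust tags applied by EMS

@dataclass(frozen=True)
class ZtnaRule:
    name: str
    allowed_tags: frozenset   # assumption: any one matching tag grants access

class Gateway:
    """Models the side that holds the endpoint table EMS keeps synchronized."""
    def __init__(self, trusted_ca):
        self.trusted_ca = trusted_ca
        self.endpoints = {}

    def sync(self, endpoint):
        # A new sync replaces the earlier record, so tag changes apply at once.
        self.endpoints[endpoint.cert_serial] = endpoint

    def decide(self, rule, issuer, cert_serial):
        # issuer and cert_serial come from a certificate TLS already verified.
        if issuer != self.trusted_ca:
            return (False, "certificate not issued by the EMS CA")
        endpoint = self.endpoints.get(cert_serial)
        if endpoint is None:
            return (False, "endpoint not known from EMS")  # fail closed
        if not (endpoint.tags & rule.allowed_tags):
            return (False, "no ZTNA tag matches the rule")
        return (True, "allowed for " + endpoint.user)

def demo():
    gw = Gateway(EMS_CA)
    rule = ZtnaRule("hr-app", frozenset({"corp-managed"}))
    gw.sync(Endpoint("0A01", "alice", {"corp-managed", "av-running"}))
    results = [gw.decide(rule, EMS_CA, "0A01")]
    # EMS re-tags the same device after a posture change; access is withdrawn.
    gw.sync(Endpoint("0A01", "alice", {"av-disabled"}))
    results.append(gw.decide(rule, EMS_CA, "0A01"))
    results += [gw.decide(rule, "CN=other-ca", "0A01"), gw.decide(rule, EMS_CA, "FFFF")]
    return results

if __name__ == "__main__":
    print(demo())
```

The second result shows why the real-time tag synchronization matters: the same certificate that was accepted a moment earlier is refused once the endpoint's posture tags no longer match the rule.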
WAF exceptions enhancement
The Source IPv6 rule type is now supported for WAF exceptions.
SNMP traps and Syslog message enhancement
The Fortinet device hostname is now included in the Hostname in SNMP traps and Syslog messages.