Introduction
FortiPolicy is the first containerized security platform that implements and automates security orchestration with full-flow inspection and segmented and microsegmented policy enforcement while auto-scaling to accommodate infrastructure changes.
This document provides the following information for FortiPolicy 7.2.2 GA Build 0033:
Product integration and support
The following table lists FortiPolicy 7.2.2 integration and support information:
|
Web browsers |
Latest version of Google Chrome |
|
FortiGate |
Running FortiOS 7.2.4 and higher |
|
FortiSwitch |
One or more managed FortiSwitch units running FortiSwitchOS 7.2.0 or higher |
Virtualization environment
|
VMware vCenter Server |
Version 6.0 or 6.5 |
|
VMware vSphere |
Version 6.5 and higher |
|
VMware ESXi |
Version 6.x and above |
ESX resource requirements
|
FortiPolicy component |
vCPU requirements |
VM requirements |
|---|---|---|
|
FortiPolicy management plane |
10 vCPUs |
1 VM |
Open ports
The following table lists the ports that FortiPolicy needs for communication through a firewall.
|
Service or program |
Protocol |
Incoming ports |
Outgoing ports |
Internal ports |
|---|---|---|---|---|
|
SSHD |
TCP |
22 |
|
|
|
DNS |
TCP, |
|
53 |
|
|
NTP |
UDP |
|
123 outbound queries to NTP servers from FortiPolicy |
123 to FortiPolicy |
|
Web access |
UDP |
80, 443 |
|
FortiPolicy port 5601 |
|
Connection between FortiPolicy and Security Fabric |
TCP |
|
8013 and 443 |
|
|
Connection between FortiGate and FortiPolicy |
UDP 4739 |
Syslog port for NetFlow |
Syslog port for NetFlow |
|
|
For telemetry uploads to fortipolicy.fortinet.com |
TCP |
fortipolicy.fortinet.com:443 |
fortipolicy.fortinet.com:443 |
|
Required management ports
The following table lists the required management ports.
|
Service or program |
Protocol |
Incoming ports |
Outgoing ports |
Internal ports |
|---|---|---|---|---|
| Web access | TCP | 80 |
FortiPolicy port 5601 |
|
| Web access | TCP | 443 |
FortiPolicy port 5601 |
Services available
-
Automated firewall policy
-
Application-level visibility
-
Complete user control
-
Microsegment FortiSwitch traffic
-
All FortiGate architectures
-
Block east/west traffic
What’s new in FortiPolicy 7.2.2
FortiPolicy 7.2.2 offers the following new features and enhancements:
-
There is now UI and REST API access to FortiPolicy internal settings, where you can configure and customize the machine learning engine. The configuration of these settings can be facilitated by the GUI or using REST APIs if an API based access is needed.
-
FortiPolicy now supports FortiGuard content.
-
FortiPolicy now supports devices in interfaces other than the primary interface of LAN segment. FortiPolicy also has the ability to handle the change of IP address when the device is moved to the primary interface. This may require user intervention to update application related configurations.
-
FortiPolicy can now propose ACL policies based on Layer 7 attributes.
-
You can now access the FortiPolicy REST API over the Security Fabric tunnel.
-
FortiPolicy now supports the following Operational Technology Protocols:
-
Modbus TCP
-
DNP3
-
IEC 60870-5-104 (IEC-104)
-
EtherNet/IP, CIP
-
OPC DA/ HDA/ AE/ UA
-
|
A fresh install is recommended for theFortiPolicy 7.2.2 updates. |