Introduction

FortiPolicy is the first containerized security platform that implements and automates security orchestration with full-flow inspection and segmented and microsegmented policy enforcement while auto-scaling to accommodate infrastructure changes.

This document provides the following information for FortiPolicy 7.2.3 GA Build 0037:

Product integration and support
Virtualization environment
ESX resource requirements
Ports used by FortiPolicy
Services available
What’s new in FortiPolicy 7.2.3
Resolved issues
Known issues

Product integration and support

The following table lists FortiPolicy 7.2.3 integration and support information:

Web browsers	Latest version of Google Chrome
FortiGate	Running FortiOS 7.2.4
FortiSwitch	One or more managed FortiSwitch units running FortiSwitchOS 7.2.0 or higher

Virtualization environment

VMware vCenter Server	Version 6.0 or 6.5
VMware vSphere	Version 6.5 and higher
VMware ESXi	Version 6.x and above

ESX resource requirements

FortiPolicy component	vCPU requirements	VM requirements
FortiPolicy management plane	10 vCPUs	1 VM

Ports used by FortiPolicy

The following table lists the ports that FortiPolicy uses to communicate with other services. Depending on your deployment you may need to open these ports up in your firewall.

Service or program	Protocol	Incoming ports	Outgoing ports	Details
SSHD	TCP	22		In order to SSH to the FortiPolicy CLI, TCP:22 must be allowed.
DNS	TCP, UDP		53	FortiPolicy need to access to the DNS servers provided during setup.
NTP	UDP		123	By default, FortiPolicy uses public Ubuntu NTP Pools. It is strongly suggested to provide your own NTP server during install.
Web access	TCP	80, 443		Port 80(HTTP) is a redirect to port 443(HTTPS).
Security Fabric conection	TCP		442, 8013	FortiPolicy needs access to the Root FortiGate.
Netflow connection	UDP	4739	N/A	Netflows/IPFix from Fortigate and supported network switches.
Telemetry uploads	TCP	N/A	fortipolicy.fortinet.com:443

Services available

Automated firewall policy
Application-level visibility
Complete user control
Microsegment FortiSwitch traffic
All FortiGate architectures
Block east/west traffic

What’s new in FortiPolicy 7.2.3

FortiPolicy 7.2.3 offers the following new features and enhancements:

CORS authentication

FortiPolicy now has Cross-Origin Resource Sharing (CORS), which allows clients on the internet or on an external network to connect to a FortiPolicy sever running on a private network. The FortiPolicy server acts as a source origin, which listens for, processes, and responds to incoming page requests from client browsers.

Support for third-party switches

FortiPolicy now supports third-party switches.

Use the 4793 port and UDP protocol to configure NetFlow.

To configure the third-party switch, consult the switch's configuration guide for the necessary commands.

FortiOS 7.2.4

FortiPolicy 7.2.3 supports FortiOS 7.2.4.

Introduction

This document provides the following information for FortiPolicy 7.2.3 GA Build 0037:

Product integration and support
Virtualization environment
ESX resource requirements
Ports used by FortiPolicy
Services available
What’s new in FortiPolicy 7.2.3
Resolved issues
Known issues

Product integration and support

The following table lists FortiPolicy 7.2.3 integration and support information:

Web browsers	Latest version of Google Chrome
FortiGate	Running FortiOS 7.2.4
FortiSwitch	One or more managed FortiSwitch units running FortiSwitchOS 7.2.0 or higher

Virtualization environment

VMware vCenter Server	Version 6.0 or 6.5
VMware vSphere	Version 6.5 and higher
VMware ESXi	Version 6.x and above

ESX resource requirements

FortiPolicy component	vCPU requirements	VM requirements
FortiPolicy management plane	10 vCPUs	1 VM

Ports used by FortiPolicy

The following table lists the ports that FortiPolicy uses to communicate with other services. Depending on your deployment you may need to open these ports up in your firewall.

Service or program	Protocol	Incoming ports	Outgoing ports	Details
SSHD	TCP	22		In order to SSH to the FortiPolicy CLI, TCP:22 must be allowed.
DNS	TCP, UDP		53	FortiPolicy need to access to the DNS servers provided during setup.
NTP	UDP		123	By default, FortiPolicy uses public Ubuntu NTP Pools. It is strongly suggested to provide your own NTP server during install.
Web access	TCP	80, 443		Port 80(HTTP) is a redirect to port 443(HTTPS).
Security Fabric conection	TCP		442, 8013	FortiPolicy needs access to the Root FortiGate.
Netflow connection	UDP	4739	N/A	Netflows/IPFix from Fortigate and supported network switches.
Telemetry uploads	TCP	N/A	fortipolicy.fortinet.com:443

Services available

Automated firewall policy
Application-level visibility
Complete user control
Microsegment FortiSwitch traffic
All FortiGate architectures
Block east/west traffic

What’s new in FortiPolicy 7.2.3

FortiPolicy 7.2.3 offers the following new features and enhancements:

CORS authentication

Support for third-party switches

FortiPolicy now supports third-party switches.

Use the 4793 port and UDP protocol to configure NetFlow.

To configure the third-party switch, consult the switch's configuration guide for the necessary commands.

FortiOS 7.2.4

FortiPolicy 7.2.3 supports FortiOS 7.2.4.

FortiPolicy Release Notes

Introduction

Introduction

Product integration and support

Virtualization environment

ESX resource requirements

Ports used by FortiPolicy

Services available

What’s new in FortiPolicy 7.2.3

CORS authentication

Support for third-party switches

FortiOS 7.2.4

Introduction

Product integration and support

Virtualization environment

ESX resource requirements

Ports used by FortiPolicy

Services available

What’s new in FortiPolicy 7.2.3

CORS authentication

Support for third-party switches

FortiOS 7.2.4