Introduction
FortiPolicy is the first containerized security platform that implements and automates security orchestration with full-flow inspection and segmented and microsegmented policy enforcement while auto-scaling to accommodate infrastructure changes.
This document provides the following information for FortiPolicy 7.2.3 GA Build 0037:
Product integration and support
The following table lists FortiPolicy 7.2.3 integration and support information:
Web browsers |
Latest version of Google Chrome |
FortiGate |
Running FortiOS 7.2.4 |
FortiSwitch |
One or more managed FortiSwitch units running FortiSwitchOS 7.2.0 or higher |
Virtualization environment
VMware vCenter Server |
Version 6.0 or 6.5 |
VMware vSphere |
Version 6.5 and higher |
VMware ESXi |
Version 6.x and above |
ESX resource requirements
FortiPolicy component |
vCPU requirements |
VM requirements |
---|---|---|
FortiPolicy management plane |
10 vCPUs |
1 VM |
Ports used by FortiPolicy
The following table lists the ports that FortiPolicy uses to communicate with other services. Depending on your deployment you may need to open these ports up in your firewall.
Service or program |
Protocol |
Incoming ports |
Outgoing ports |
Details |
---|---|---|---|---|
SSHD |
TCP |
22 |
|
In order to SSH to the FortiPolicy CLI, TCP:22 must be allowed. |
DNS |
TCP, UDP |
|
53 |
FortiPolicy need to access to the DNS servers provided during setup. |
NTP |
UDP |
|
123 |
By default, FortiPolicy uses public Ubuntu NTP Pools. It is strongly suggested to provide your own NTP server during install. |
Web access |
TCP |
80, 443 |
|
Port 80(HTTP) is a redirect to port 443(HTTPS). |
Security Fabric conection |
TCP |
|
442, 8013 |
FortiPolicy needs access to the Root FortiGate. |
Netflow connection |
UDP |
4739 |
N/A |
Netflows/IPFix from Fortigate and supported network switches. |
Telemetry uploads |
TCP |
N/A |
fortipolicy.fortinet.com:443 |
|
Services available
-
Automated firewall policy
-
Application-level visibility
-
Complete user control
-
Microsegment FortiSwitch traffic
-
All FortiGate architectures
-
Block east/west traffic
What’s new in FortiPolicy 7.2.3
FortiPolicy 7.2.3 offers the following new features and enhancements:
CORS authentication
FortiPolicy now has Cross-Origin Resource Sharing (CORS), which allows clients on the internet or on an external network to connect to a FortiPolicy sever running on a private network. The FortiPolicy server acts as a source origin, which listens for, processes, and responds to incoming page requests from client browsers.
Support for third-party switches
FortiPolicy now supports third-party switches.
Use the 4793 port and UDP protocol to configure NetFlow.
To configure the third-party switch, consult the switch's configuration guide for the necessary commands. |
FortiOS 7.2.4
FortiPolicy 7.2.3 supports FortiOS 7.2.4.