Introduction

FortiPolicy is the first containerized security platform that implements and automates security orchestration with full-flow inspection and segmented and microsegmented policy enforcement while auto-scaling to accommodate infrastructure changes.

This document provides the following information for FortiPolicy 7.2.4 GA Build 0038:

Product integration and support

The following table lists FortiPolicy 7.2.4 integration and support information:

Web browsers | Latest version of Google Chrome
FortiGate | Running FortiOS 7.4.0
FortiSwitch | One or more managed FortiSwitch units running FortiSwitchOS 7.2.0 or higher
Virtualization environment | VMware vCenter Server: version 6.0 or 6.5
 | VMware vSphere: version 6.5 and higher
 | VMware ESXi: version 7.x and above

ESX resource requirements

FortiPolicy component | vCPU requirements | VM requirements
FortiPolicy management plane | 10 vCPUs | 1 VM

Ports used by FortiPolicy

The following table lists the ports that FortiPolicy uses to communicate with other services. Depending on your deployment you may need to open these ports up in your firewall.

Service or program | Protocol | Incoming ports | Outgoing ports | Details
SSHD | TCP | 22 | | To SSH to the FortiPolicy CLI, TCP port 22 must be allowed.
DNS | TCP, UDP | | 53 | FortiPolicy needs access to the DNS servers provided during setup.
NTP | UDP | | 123 | By default, FortiPolicy uses the public Ubuntu NTP pools. It is strongly recommended to provide your own NTP server during install.
Web access | TCP | 80, 443 | | Port 80 (HTTP) redirects to port 443 (HTTPS).
Security Fabric connection | TCP | | 442, 8013 | FortiPolicy needs access to the root FortiGate.
Netflow connection | UDP | 4739 | N/A | NetFlow/IPFIX from FortiGate and supported network switches.
sFlow connection | UDP | 6343 | N/A | sFlow from FortiGate and supported network switches.
Telemetry uploads | TCP | N/A | fortipolicy.fortinet.com:443 |

Services available

  • Automated firewall policy

  • Application-level visibility

  • Complete user control

  • Microsegment FortiSwitch traffic

  • All FortiGate architectures

  • Block east/west traffic

What’s new in FortiPolicy 7.2.4

FortiPolicy 7.2.4 offers the following new features and enhancements:

Support for sFlow

FortiPolicy 7.2.4 now supports the sFlow protocol.

sFlow monitors network traffic to identify areas of the network that might impact performance and throughput. sFlow can export truncated packet headers and interface counters.

sFlow uses packet sampling to monitor network traffic. The sFlow agent captures packet information at defined intervals and sends it to an sFlow collector for analysis, providing real-time data analysis. To minimize the impact on network throughput, only a sample of the traffic is sent.

FortiPolicy can be configured as the sFlow collector for third-party switches. It processes the sFlow datagrams it receives to detect application tiers and recommend security policies.
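As an added example (not Fortinet's code, and not how FortiPolicy itself is implemented), the following Python shows what an sFlow v5 collector listening on UDP 6343 does with a datagram: it parses the datagram header, walks the flow samples, extracts the sampled 5-tuple from the raw packet header record, and scales the frame length by the sampling rate, which is why sampled data only estimates traffic volume. The datagram and its addresses are constructed inline; the field layout follows the sFlow v5 specification.

```python
import struct
from ipaddress import IPv4Address

def constructed_datagram():
    """One sFlow v5 datagram (constructed, not captured) with a single flow sample."""
    eth = b"\x00" * 12 + b"\x08\x00"                                   # MACs + EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     IPv4Address("10.1.1.10").packed, IPv4Address("10.2.2.20").packed)
    tcp = struct.pack("!HHIIBBHHH", 51234, 443, 0, 0, 0x50, 0x02, 65535, 0, 0)
    hdr = eth + ip + tcp
    rec = struct.pack("!IIII", 1, len(hdr), 0, len(hdr)) + hdr + b"\x00" * (-len(hdr) % 4)
    rec = struct.pack("!II", 1, len(rec)) + rec                        # record format 1: raw header
    # flow sample body: seq, source_id, sampling_rate=512, pool, drops, in_if, out_if, n_records
    body = struct.pack("!IIIIIIII", 7, 5, 512, 4096, 0, 5, 6, 1) + rec
    sample = struct.pack("!II", 1, len(body)) + body                   # sample format 1: flow sample
    # datagram header: version 5, IPv4 agent, agent address, sub_agent, seq, uptime_ms, n_samples
    return struct.pack("!II4sIIII", 5, 1, IPv4Address("10.0.0.1").packed, 0, 99, 123456, 1) + sample

def parse_sflow(buf):
    """Return (agent_ip, flows); each flow carries the sampled 5-tuple and the sampling rate."""
    version, addr_type = struct.unpack_from("!II", buf, 0)
    if version != 5 or addr_type != 1:
        raise ValueError("only sFlow v5 with an IPv4 agent address is handled here")
    agent = str(IPv4Address(buf[8:12]))
    nsamples = struct.unpack_from("!I", buf, 24)[0]
    off, flows = 28, []
    for _ in range(nsamples):
        fmt, length = struct.unpack_from("!II", buf, off)
        body, off = buf[off + 8:off + 8 + length], off + 8 + length
        if fmt != 1:                                 # skip counter and expanded samples
            continue
        rate, nrec = struct.unpack_from("!I", body, 8)[0], struct.unpack_from("!I", body, 28)[0]
        roff = 32
        for _ in range(nrec):
            rfmt, rlen = struct.unpack_from("!II", body, roff)
            rec, roff = body[roff + 8:roff + 8 + rlen], roff + 8 + rlen
            if rfmt != 1 or len(rec) < 16:           # only raw packet header records
                continue
            proto, frame_len, _stripped, hlen = struct.unpack_from("!IIII", rec, 0)
            pkt = rec[16:16 + hlen]
            if proto != 1 or len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
                continue                             # only Ethernet/IPv4 headers
            ihl, ipproto = (pkt[14] & 0x0F) * 4, pkt[23]
            l4 = pkt[14 + ihl:14 + ihl + 4]
            ports = struct.unpack("!HH", l4) if ipproto in (6, 17) and len(l4) == 4 else (None, None)
            flows.append({"src": str(IPv4Address(pkt[26:30])), "dst": str(IPv4Address(pkt[30:34])),
                          "proto": ipproto, "sport": ports[0], "dport": ports[1],
                          "rate": rate, "est_bytes": frame_len * rate})   # sampled bytes scaled up
    return agent, flows
```

Because every sampled frame stands in for `rate` frames, a collector that forgets to multiply back the sampling rate undercounts traffic by that factor when it builds tier-to-tier volume estimates.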