Introduction
FortiPolicy is the first containerized security platform that implements and automates security orchestration with full-flow inspection and segmented and microsegmented policy enforcement while auto-scaling to accommodate infrastructure changes.
This document provides the following information for FortiPolicy 7.2.0 build 0021:
Product integration and support
The following table lists FortiPolicy 7.2.0 integration and support information:
Web browsers | Latest version of Google Chrome |
FortiGate | Running FortiOS 7.0.6 and higher |
FortiSwitch | One or more managed FortiSwitch units running FortiSwitchOS 7.0.0 or higher |
Virtualization environment
VMware vCenter Server | Version 6.0 or 6.5 |
VMware vSphere | Version 6.5 and higher |
VMware ESXi | Version 6.x and above |
ESX resource requirements
FortiPolicy component | vCPU requirements | VM requirements |
---|---|---|
FortiPolicy management plane | 10 vCPUs | 1 VM |
Open ports
The following table lists the ports that FortiPolicy needs for communication through a firewall.
Service or program | Protocol | Incoming ports | Outgoing ports | Internal ports |
---|---|---|---|---|
SSHD | TCP | 22 | | |
DNS | TCP, | | 53 | |
NTP | UDP | | 123 outbound queries to NTP servers from FortiPolicy | 123 to FortiPolicy |
Web access | UDP | 80, 443 | | FortiPolicy port 5601 |
Connection between FortiPolicy and Security Fabric | TCP | | 8013 and 443 | |
Connection between FortiGate and FortiPolicy | UDP 4739 | Syslog port for NetFlow | Syslog port for NetFlow | |
For telemetry uploads to fortipolicy.fortinet.com | TCP | sxti.shieldx.com:443 | sxti.shieldx.com:443 | |
Required management ports
The following table lists the required management ports.
Service or program | Protocol | Incoming ports | Outgoing ports | Internal ports |
---|---|---|---|---|
Web access | TCP | 80 | FortiPolicy port 5601 | |
Web access | TCP | 443 | FortiPolicy port 5601 | |
Services available
- Automated firewall policy
- Application-level visibility
- Complete user control
- Microsegment FortiSwitch traffic
- All FortiGate architectures
- Block east/west traffic