Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiPolicy Release Notes

    Home FortiPolicy 7.2.2 FortiPolicy Release Notes
    7.2.2
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0

    Introduction

    Introduction

    FortiPolicy is the first containerized security platform that implements and automates security orchestration with full-flow inspection and segmented and microsegmented policy enforcement while auto-scaling to accommodate infrastructure changes.

    This document provides the following information for FortiPolicy 7.2.2 GA Build 0033:

    Product integration and support

    The following table lists FortiPolicy 7.2.2 integration and support information:

    Web browsers

    Latest version of Google Chrome

    FortiGate

    Running FortiOS 7.2.4 and higher

    FortiSwitch

    One or more managed FortiSwitch units running FortiSwitchOS 7.2.0 or higher

    Virtualization environment

    VMware vCenter Server

    Version 6.0 or 6.5

    VMware vSphere

    Version 6.5 and higher

    VMware ESXi

    Version 6.x and above

    ESX resource requirements

    FortiPolicy component

    vCPU requirements

    VM requirements

    FortiPolicy management plane

    10 vCPUs

    1 VM

    Open ports

    The following table lists the ports that FortiPolicy needs for communication through a firewall.

    Service or program

    Protocol

    Incoming ports

    Outgoing ports

    Internal ports

    SSHD

    TCP

    22

    DNS

    TCP,
    UDP

    53

    NTP

    UDP

    123 outbound queries to NTP servers from FortiPolicy

    123 to FortiPolicy

    Web access

    UDP

    80, 443

    FortiPolicy port 5601

    Connection between FortiPolicy and Security Fabric

    TCP

    8013 and 443

    Connection between FortiGate and FortiPolicy

    UDP 4739

    Syslog port for NetFlow

    Syslog port for NetFlow

    For telemetry uploads to fortipolicy.fortinet.com

    TCP

    fortipolicy.fortinet.com:443

    fortipolicy.fortinet.com:443

    Required management ports

    The following table lists the required management ports.

    Service or program

    Protocol

    Incoming ports

    Outgoing ports

    Internal ports
    Web access TCP 80

    FortiPolicy port 5601
    Web access TCP 443

    FortiPolicy port 5601

    Services available

    • Automated firewall policy

    • Application-level visibility

    • Complete user control

    • Microsegment FortiSwitch traffic

    • All FortiGate architectures

    • Block east/west traffic

    What’s new in FortiPolicy 7.2.2

    FortiPolicy 7.2.2 offers the following new features and enhancements:

    • There is now UI and REST API access to FortiPolicy internal settings, where you can configure and customize the machine learning engine. The configuration of these settings can be facilitated by the GUI or using REST APIs if an API based access is needed.

    • FortiPolicy now supports FortiGuard content.

    • FortiPolicy now supports devices in interfaces other than the primary interface of LAN segment. FortiPolicy also has the ability to handle the change of IP address when the device is moved to the primary interface. This may require user intervention to update application related configurations.

    • FortiPolicy can now propose ACL policies based on Layer 7 attributes.

    • You can now access the FortiPolicy REST API over the Security Fabric tunnel.

    • FortiPolicy now supports the following Operational Technology Protocols:

      • Modbus TCP

      • DNP3

      • IEC 60870-5-104 (IEC-104)

      • EtherNet/IP, CIP

      • OPC DA/ HDA/ AE/ UA

    A fresh install is recommended for theFortiPolicy 7.2.2 updates.
    Previous
    Next

    Introduction

    Introduction

    FortiPolicy is the first containerized security platform that implements and automates security orchestration with full-flow inspection and segmented and microsegmented policy enforcement while auto-scaling to accommodate infrastructure changes.

    This document provides the following information for FortiPolicy 7.2.2 GA Build 0033:

    Product integration and support

    The following table lists FortiPolicy 7.2.2 integration and support information:

    Web browsers

    Latest version of Google Chrome

    FortiGate

    Running FortiOS 7.2.4 and higher

    FortiSwitch

    One or more managed FortiSwitch units running FortiSwitchOS 7.2.0 or higher

    Virtualization environment

    VMware vCenter Server

    Version 6.0 or 6.5

    VMware vSphere

    Version 6.5 and higher

    VMware ESXi

    Version 6.x and above

    ESX resource requirements

    FortiPolicy component

    vCPU requirements

    VM requirements

    FortiPolicy management plane

    10 vCPUs

    1 VM

    Open ports

    The following table lists the ports that FortiPolicy needs for communication through a firewall.

    Service or program

    Protocol

    Incoming ports

    Outgoing ports

    Internal ports

    SSHD

    TCP

    22

    DNS

    TCP,
    UDP

    53

    NTP

    UDP

    123 outbound queries to NTP servers from FortiPolicy

    123 to FortiPolicy

    Web access

    UDP

    80, 443

    FortiPolicy port 5601

    Connection between FortiPolicy and Security Fabric

    TCP

    8013 and 443

    Connection between FortiGate and FortiPolicy

    UDP 4739

    Syslog port for NetFlow

    Syslog port for NetFlow

    For telemetry uploads to fortipolicy.fortinet.com

    TCP

    fortipolicy.fortinet.com:443

    fortipolicy.fortinet.com:443

    Required management ports

    The following table lists the required management ports.

    Service or program

    Protocol

    Incoming ports

    Outgoing ports

    Internal ports
    Web access TCP 80

    FortiPolicy port 5601
    Web access TCP 443

    FortiPolicy port 5601

    Services available

    • Automated firewall policy

    • Application-level visibility

    • Complete user control

    • Microsegment FortiSwitch traffic

    • All FortiGate architectures

    • Block east/west traffic

    What’s new in FortiPolicy 7.2.2

    FortiPolicy 7.2.2 offers the following new features and enhancements:

    • There is now UI and REST API access to FortiPolicy internal settings, where you can configure and customize the machine learning engine. The configuration of these settings can be facilitated by the GUI or using REST APIs if an API based access is needed.

    • FortiPolicy now supports FortiGuard content.

    • FortiPolicy now supports devices in interfaces other than the primary interface of LAN segment. FortiPolicy also has the ability to handle the change of IP address when the device is moved to the primary interface. This may require user intervention to update application related configurations.

    • FortiPolicy can now propose ACL policies based on Layer 7 attributes.

    • You can now access the FortiPolicy REST API over the Security Fabric tunnel.

    • FortiPolicy now supports the following Operational Technology Protocols:

      • Modbus TCP

      • DNP3

      • IEC 60870-5-104 (IEC-104)

      • EtherNet/IP, CIP

      • OPC DA/ HDA/ AE/ UA

    A fresh install is recommended for theFortiPolicy 7.2.2 updates.
    Previous
    Next