Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiPolicy Release Notes

    Home FortiPolicy 7.2.4 FortiPolicy Release Notes
    7.2.4
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0

    Introduction

    Introduction

    FortiPolicy is the first containerized security platform that implements and automates security orchestration with full-flow inspection and segmented and microsegmented policy enforcement while auto-scaling to accommodate infrastructure changes.

    This document provides the following information for FortiPolicy 7.2.4 GA Build 0038:

    Product integration and support

    The following table lists FortiPolicy 7.2.4 integration and support information:

    Web browsers

    Latest version of Google Chrome

    FortiGate

    Running FortiOS 7.4.0

    FortiSwitch

    One or more managed FortiSwitch units running FortiSwitchOS 7.2.0 or higher

    Virtualization environment

    VMware vCenter Server

    Version 6.0 or 6.5

    VMware vSphere

    Version 6.5 and higher

    VMware ESXi

    Version 7.x and above

    ESX resource requirements

    FortiPolicy component

    vCPU requirements

    VM requirements

    FortiPolicy management plane

    10 vCPUs

    1 VM

    Ports used by FortiPolicy

    The following table lists the ports that FortiPolicy uses to communicate with other services. Depending on your deployment you may need to open these ports up in your firewall.

    Service or program

    Protocol

    Incoming ports

    Outgoing ports

    Details

    SSHD

    TCP

    22

    In order to SSH to the FortiPolicy CLI, TCP:22 must be allowed.

    DNS

    TCP, UDP

    53

    FortiPolicy need to access to the DNS servers provided during setup.

    NTP

    UDP

    123

    By default, FortiPolicy uses public Ubuntu NTP Pools. It is strongly suggested to provide your own NTP server during install.

    Web access

    TCP

    80, 443

    Port 80(HTTP) is a redirect to port 443(HTTPS).

    Security Fabric connection

    TCP

    442, 8013

    FortiPolicy needs access to the Root FortiGate.

    Netflow connection

    UDP

    4739

    N/A

    Netflows/IPFix from Fortigate and supported network switches.

    sFlow connection

    UDP

    6343

    N/A

    sFlows from Fortigate and supported network switches.

    Telemetry uploads

    TCP

    N/A

    fortipolicy.fortinet.com:443

    Services available

    • Automated firewall policy

    • Application-level visibility

    • Complete user control

    • Microsegment FortiSwitch traffic

    • All FortiGate architectures

    • Block east/west traffic

    What’s new in FortiPolicy 7.2.4

    FortiPolicy 7.2.4 offers the following new features and enhancements:

    Support for sFlow

    FortiPolicy 7.2.4 now has support for sFlow protocol.

    sFlow monitors traffic in the network to identify areas on the network that might impact performance and throughput. sFlow can export truncated packets and interface counters.

    sFlow uses packet sampling to monitor network traffic. The sFlow agent captures packet information at defined intervals and sends them to an sFlow collector for analysis, providing real-time data analysis. To minimize the impact on network throughput, the information sent is only a sampling of the data.

    FortiPolicy can be configured as a sFlow collector on third-party switches. It will process sFlow datagrams to detect application tiers and recommend security policies.

    Previous
    Next

    Introduction

    Introduction

    FortiPolicy is the first containerized security platform that implements and automates security orchestration with full-flow inspection and segmented and microsegmented policy enforcement while auto-scaling to accommodate infrastructure changes.

    This document provides the following information for FortiPolicy 7.2.4 GA Build 0038:

    Product integration and support

    The following table lists FortiPolicy 7.2.4 integration and support information:

    Web browsers

    Latest version of Google Chrome

    FortiGate

    Running FortiOS 7.4.0

    FortiSwitch

    One or more managed FortiSwitch units running FortiSwitchOS 7.2.0 or higher

    Virtualization environment

    VMware vCenter Server

    Version 6.0 or 6.5

    VMware vSphere

    Version 6.5 and higher

    VMware ESXi

    Version 7.x and above

    ESX resource requirements

    FortiPolicy component

    vCPU requirements

    VM requirements

    FortiPolicy management plane

    10 vCPUs

    1 VM

    Ports used by FortiPolicy

    The following table lists the ports that FortiPolicy uses to communicate with other services. Depending on your deployment you may need to open these ports up in your firewall.

    Service or program

    Protocol

    Incoming ports

    Outgoing ports

    Details

    SSHD

    TCP

    22

    In order to SSH to the FortiPolicy CLI, TCP:22 must be allowed.

    DNS

    TCP, UDP

    53

    FortiPolicy need to access to the DNS servers provided during setup.

    NTP

    UDP

    123

    By default, FortiPolicy uses public Ubuntu NTP Pools. It is strongly suggested to provide your own NTP server during install.

    Web access

    TCP

    80, 443

    Port 80(HTTP) is a redirect to port 443(HTTPS).

    Security Fabric connection

    TCP

    442, 8013

    FortiPolicy needs access to the Root FortiGate.

    Netflow connection

    UDP

    4739

    N/A

    Netflows/IPFix from Fortigate and supported network switches.

    sFlow connection

    UDP

    6343

    N/A

    sFlows from Fortigate and supported network switches.

    Telemetry uploads

    TCP

    N/A

    fortipolicy.fortinet.com:443

    Services available

    • Automated firewall policy

    • Application-level visibility

    • Complete user control

    • Microsegment FortiSwitch traffic

    • All FortiGate architectures

    • Block east/west traffic

    What’s new in FortiPolicy 7.2.4

    FortiPolicy 7.2.4 offers the following new features and enhancements:

    Support for sFlow

    FortiPolicy 7.2.4 now has support for sFlow protocol.

    sFlow monitors traffic in the network to identify areas on the network that might impact performance and throughput. sFlow can export truncated packets and interface counters.

    sFlow uses packet sampling to monitor network traffic. The sFlow agent captures packet information at defined intervals and sends them to an sFlow collector for analysis, providing real-time data analysis. To minimize the impact on network throughput, the information sent is only a sampling of the data.

    FortiPolicy can be configured as a sFlow collector on third-party switches. It will process sFlow datagrams to detect application tiers and recommend security policies.

    Previous
    Next