FortiOS Data Sheet

Transcription

DATA SHEET

FortiOS 7.0
Fortinet’s Security Operating System

Available in: Appliance, Virtual Machine, Hosted (SASE SIA), Cloud

The release of FortiOS 7.0 dramatically expands the Fortinet Security Fabric’s ability to deliver consistent security across all networks, endpoints, and clouds with SASE and ZTNA, among others.

FortiOS 7.0 expands visibility and control, ensures the consistent deployment and enforcement of security policies, and enables centralized management across the entire distributed network.

It allows organizations to run their businesses without compromising performance or protection, supports seamless scalability, and simplifies innovation consumption.

Delivering a consistent and dynamic security posture enables users and devices to access applications where they are deployed, from anywhere in the world with security that automatically assesses and adjusts to match the risk.

Highlights: What’s New (Networking, Security, Management)
§ FortiGuard Video Filtering Service
§ DNS inspection enhancements
§ ACME Support
§ New Zero Trust Network Access solution
§ AI-Based malware detection
§ SD-WAN advanced routing improvements
§ Support for Security Fabric in Multi-VDOM mode
§ Fabric Devices to trigger Automation Rules
§ Security Rating Overlays

Powered by FortiOS 7.0, the Fortinet Security Fabric delivers:
§ Security-Driven Networking: Convergence of Networking and Security into a single, integrated system that can expand to any edge
§ Zero-Trust Access: Knowing and controlling every connected user and device
§ Adaptive Cloud Security: Secure and control multi-cloud infrastructures and applications with agility and automation

OVERVIEW

Introducing FortiOS™ 7.0

[Figure labels: Digital Innovation, Fabric Management Center, NOC, SOC, Adaptive Cloud Security, Zero Trust Access, FORTI Threat Intelligence]

As organizations accelerate their digital innovation initiatives, ensuring their security can keep up with today’s complex and fast-evolving threat landscape is critical. The explosion of network edges – across data center, WAN, LAN, LTE, off-net, compute, operational technology, CASB, SASE, internet, and most recently, the home edge – has expanded and splintered the perimeter across the entire infrastructure.

The challenge with rapidly expanding the network edge is that many of the technologies needed to make things work don’t work together. Much of the digital innovation progress has been piecemeal, without a unifying security strategy or framework. Most organizations have accumulated a wide variety of isolated security tools designed to protect a function or one segment of the network in isolation.

Vendor and solutions sprawl has made maintaining network-wide visibility and consistent policy enforcement next to impossible, let alone maintaining and monitoring the various security and networking solutions in place for delivering the expected high-performing user-to-application connection, and keeping ahead of threats that morph, change and expand at a more rapid pace than ever before.

This approach can’t scale, slowing business down and introducing more risk and complexity. It needs to evolve.

Fortinet addresses this challenge with the Fortinet Security Fabric, an integrated cybersecurity platform with a rich ecosystem designed to span the extended digital attack surface to enable broad, integrated, and automated security protecting devices, data, and applications.

With over 300 new features spanning the full portfolio and pillars, we keep organizations ahead of the threats by providing continuous protection for data, users, devices, and applications as they transition across networks, endpoints, and multi-clouds, leveraging our Fabric, AI-powered FortiGuard Security Services, and automated response capabilities. Our Fabric Management Center enables organizations of any size to secure and simplify their SOC, NOC, and IT infrastructure. And our new SOCaaS and best practice services help ensure that the organization’s overarching security posture is optimized.

HIGHLIGHTS: Security Fabric

System Integration
Highlights:
§ Native integration with Fortinet products via quick setup GUI connectors
§ Standard-based data exchange APIs support with third-party solutions
§ Standard-based monitoring output – SNMP, Netflow/Sflow and Syslog support to external/third-party SIEM, SOAR and logging systems
§ Endpoint/Identity infrastructure integrations
§ External threat feeds integrations
§ New: Security Fabric support in multi-virtual domain environments
Fortinet Advantage:
§ Ability to reuse organization’s existing systems to lower TCO and streamline processes
§ Expand security and operational capabilities by seamlessly integrating with external solutions

Central Management and Provisioning
Highlights:
§ Fortinet/third-party automation and portal services support via APIs and CLI scripts
§ Rapid deployment features including cloud-based provisioning solutions
§ Developer community platform access and professional service options for complex integrations
§ Extensive integration resources for Ansible and Terraform
Fortinet Advantage:
§ Extensive APIs and CLI commands offering feature-rich service enhancements
§ Comprehensive rapid deployment options to save time and costs
§ Fortinet Developer Network (FNDN) empowers large service providers and enterprises with shared implementation/customization/integration knowledge

Cloud and SDN Integration
Highlights:
§ Multi-cloud support using Cloud and SDN connectors for AWS, Microsoft Azure, GCP, OCI, AliCloud, VMware ESXi, NSX, OpenStack, Cisco ACI and Nuage Virtualized Service Platforms
§ Kubernetes connectors for private and public clouds
§ NEW: Show the REST API commands behind a particular GUI action
Fortinet Advantage:
§ Robust and comprehensive SDN integration capabilities that allow organizations to implement cloud solutions securely without compromising agility

Visibility
Highlights:
§ Interactive drill-down and topology viewers that illustrate real-time and historical threat status and network usage with comprehensive contextual information
§ Aggregated data views provided by fabric devices
Fortinet Advantage:
§ One-click remediation that offers accurate and quick protection against threats and abuses
§ Unique threat score system, correlating weighted threats with particular users to prioritize investigations
§ Fabric-wide views expand visibility beyond a single security entity, allowing organizations to quickly spot problems and address them

Automation
Highlights:
§ Wizard-based automation workflow that performs appropriate actions based on triggers defined, across the Fortinet Security Fabric
§ Automatically quarantine compromised hosts using FortiClient via EMS or connections via FortiSwitch and FortiAP
§ NEW: Fabric Devices to trigger Automation Rules
Fortinet Advantage:
§ Reducing risk exposure and replacing manual security processes with automation to help address the organizational challenges of tighter budgets and a skilled staffing shortage

NAC
Highlights:
§ Interface with FortiAuthenticator and a wide variety of external identity management systems to facilitate user authentication processes
§ Wide-ranging single sign-on identity acquisition methods, including Windows AD, terminal servers, access portals, and mail services
§ Built-in token server to manage both physical and mobile tokens for use with various FortiOS authentication requirements such as VPN access and FortiGate administration
§ NEW: Improved ZTNA (Zero Trust Network Access) framework for mobile endpoints
Fortinet Advantage:
§ FortiOS integrates with a wide variety of AAA services to facilitate user admission control from various entry points, giving users a simplified experience while implementing greater security
§ Easily implement two-factor authentication for user and administrator access at little cost
§ Simplified mobile user security enforcement by easily distributing and updating clients’ security profiles that are consistent with gateway protection

Compliance & Security Rating
Highlights:
§ Periodic system configuration checks on fabric devices using a pre-defined checklist to reveal security posture status updates; the data is kept to produce historical trending charts
§ Audit setups against PCI compliance requirements
§ Security rating rankings are benchmarked against peers
Fortinet Advantage:
§ Automates compliance auditing, which frees up administration resources
§ Quickly verify the status and health of your setup and connected devices within the Fabric and identify any gaps that can potentially leave you at greater risk

Advanced Threat Protection (ATP)
Highlights:
§ Local file quarantine (for models with storage)
§ Receive dynamic remediation (malicious file checksum and URLs) DB updates and detail analysis reports from external Fortinet file analysis solutions (FortiSandbox)
§ Endpoint vulnerability views that present ranked vulnerable clients with details
§ IOC service integration displays IOC detection data from FortiAnalyzer onto FortiView and topology maps
Fortinet Advantage:
§ Supported by proven and industry-validated AV research services
§ Ability to adopt a robust ATP framework that reaches mobile users and branch offices, detecting and preventing advanced attacks that may bypass traditional defenses by examining files from various vectors, including encrypted files
§ Easily identify vulnerable hosts across the fabric
§ Administrators can easily identify suspicious hosts and quickly or automatically quarantine them

Wireless Controller
Highlights:
§ Integrated wireless controller for Fortinet’s wide range of AP form factors, including indoor, outdoor, and remote models, with no additional license or component fees
§ Enterprise-class wireless management functionality, including rogue AP protection, wireless security, monitoring, and reporting
§ Supports 802.3ax APs
Fortinet Advantage:
§ The wireless controller integrates into the FortiGate console providing a true single-pane-of-glass management for ease-of-use and lower TCO

Switch Controller
Highlights:
§ Integrated switch controller for Fortinet access switches with no additional license or component fees
Fortinet Advantage:
§ Expands security to the access level to stop threats and protect terminals from one another
§ Simplifies NAC deployment

WAN Interface Manager
Highlights:
§ Supports LTE connectivity via integrated modem, USB port or the FortiExtender
Fortinet Advantage:
§ Allows organizations to use or add 3G/4G connectivity for WAN connections while maintaining access control and defining the usage for those

Highlights:
§ Wide variety of configuration tools: iOS app, Web UI and CLI
§ Ease of use with intuitive, state-of-the-art GUI and wizards
§ One-click access and actions between log viewers, dashboard widgets, policy tables, and more
§ Intelligent object panel for policy setups and edits
Fortinet Advantage:
§ Unique FortiExplorer configuration tool allows administrators to quickly access configurations, including via mobile phones and tablets
§ VPN wizards facilitate easy setup, including popular mobile clients and other vendors’ VPN gateways
§ Useful one-click access and actions bring administrators to the next steps quickly and accurately to swiftly mitigate threats or resolve problems

Log & Reports
Highlights:
§ Real-time logging to FortiAnalyzer, FortiAnalyzer Cloud, and FortiGate Cloud
§ GUI Report Editor offering highly customizable reports
§ Common Event Format (CEF) support
§ Detailed logs and out-of-the-box reports that are essential for compliance, audits, and diagnostic purposes
§ Logging consolidation within Security Fabric
Fortinet Advantage:
§ Managing logs holistically simplifies configuration and guarantees that critical information from every FortiGate is centrally collected and available for analysis. This closes any gaps in intelligence
§ Includes deep contextual information, including source device details and strong audit trail

Diagnostics
Highlights:
§ Diagnostic CLI commands, session tracer, and packet capture for troubleshooting hardware, system, and network issues
§ Hardware testing suite on CLI
§ Policy and routing GUI tracer
Fortinet Advantage:
§ Comprehensive diagnostic tools help organizations quickly remediate problems and investigate abnormal situations

Monitoring
Highlights:
§ Real-time monitors
§ iOS push notification via FortiExplorer app
§ NOC Dashboard
Fortinet Advantage:
§ Dashboard NOC view allows you to keep mission-critical information in view at all times. Interactive and drill-down widgets avoid dead-ends during your investigations, keeping analysis moving quickly and smoothly

HIGHLIGHTS: Policy & Control

Policy Modes
Highlights:
§ Easy-to-use policy management with unique Section or Global view options
§ NGFW Policy-based and Policy-based modes
§ Consolidated IPv4 and IPv6 policies
Fortinet Advantage:
§ Flexible policy setup with various control systems assists organizations in implementing effective network security that is relevant to their networks

Device Identification
Highlights:
§ Identification of different types of devices present on the network
§ MAC address policy source objects
§ IoT security service allowing FortiGates to query FortiGuard servers for more information about a device
Fortinet Advantage:
§ Empowers organizations to add critical security to today’s BYOD environment by identifying personal devices

SSL Inspection
Highlights:
§ Effectively examine SSL-encrypted traffic with various security controls, such as AV and content filtering
§ High-performance SSL inspection with content processors
§ Reputable sites database for
Fortinet Advantage:
§ Identify and block threats hidden within encrypted traffic without significantly impacting performance

Highlights:
§ High-performance firewall within a SPU-powered appliance
§ Implement security policies that use a combination of source objects, IPs, users, and/or devices
§ Automatically or manually quarantine users/attackers
§ Directs registered FortiClient to host quarantines
Fortinet Advantage:
§ Industry’s top firewall appliance with a superior cost-performance ratio

VPN
Highlights:
§ Comprehensive enterprise-class features for various types of VPN setups
§ SSL and IPsec VPN wizards
§ Cloud-assisted Overlay Controller VPN that supports Full Mesh, Hub & Spoke topology with ADVPN options
Fortinet Advantage:
§ The FortiGate’s unmatched performance for VPN allows organizations to establish secure communications and data privacy between multiple networks and hosts by leveraging custom security processors (SPUs) to accelerate encryption and decryption of network traffic

IPS & DoS
Highlights:
§ Regular and rate-based signatures, supported by zero-day threat protection and research for effective IPS implementation
§ Integrated DoS protection defends against abnormal traffic behaviors
§ CVE reference for IPS signatures
Fortinet Advantage:
§ Proven quality protection with “NSS Recommended” award for superior coverage and cost/performance
§ Adapts to enterprise needs with full IPS features and NGIPS capabilities, such as contextual visibility
§ Supports various network deployment requirements, such as sniffer mode, and compatible with active-bypass bridging device or built-in bypass ports for a selected model

Web & Video Filtering
Highlights:
§ Enterprise-class URL filtering solution that includes quotas, user overrides, transparent safe search, and search engine keyword logging
§ Superior coverage with URL ratings of over 70 languages and identifies redirected (cached and translated) sites
§ New: Video Filtering using FortiGuard category-based filter and/or YouTube APIs and parameters
Fortinet Advantage:
§ Multi-layered anti-proxy avoidance capabilities with integrated application control and IPS allow organizations to implement air-tight web usage controls

Email Filtering
Highlights:
§ Highly effective, multilayered spam filters with low false positives
Fortinet Advantage:
§ Cost-efficient anti-spam solution for small organizations or branch offices without requiring investment in an additional system

Application Control
Highlights:
§ Detects and acts against traffic based on applications while providing visibility on network usage
§ Fine-grained control on popular cloud applications, such as SalesForce, Google Docs, and Dropbox
Fortinet Advantage:
§ Superior coverage, including both desktop and mobile applications, enabling better management of network access policies
§ Applies deeper application inspections for better control and visibility as more enterprises rely on public cloud services

Anti-Malware
Highlights:
§ Flow- and proxy-based AV options for choices between protection and performance
§ Anti-bot capability using IP reputation DB to terminate botnet communication to C&C servers
§ Receive dynamic remediation (malicious file checksum and URLs) DB updates and detail analysis reports from external Fortinet file analysis solutions (FortiSandbox)
§ Virus Outbreak Protection as an additional layer of proactive protection targeted at new malware; comparing and detecting threats using a real-time FortiGuard checksum database
§ Content Disarm and Reconstruction (CDR) removes exploitable content before reaching users
§ NEW: AI-powered heuristics detection engine
Fortinet Advantage:
§ Supported by proven and industry-validated AV research services
§ Ability to adopt robust ATP framework that reaches mobile users and branch offices, detecting and preventing advanced attacks that may bypass traditional defenses by examining files from various vectors, including encrypted files

Protective DNS
Highlights:
§ Uses existing DNS protocols and architecture to analyze DNS queries and mitigate threats
Fortinet Advantage:
§ Defenses in various points of the network exploitation lifecycle, addressing phishing, malware distribution, command and control, domain generation algorithms, and content filtering.

Highlights:
§ Intelligent WAN path control with the ability to direct traffic among WAN links based on over 3,000 applications and users/user groups
§ Measure application transactions such as latency, jitter, and packet-loss plus built-in automatic fail-over to determine preferred paths and maintain the optimal application performance of business-critical applications
§ Use QoS, Traffic Shaping and policy routing for bandwidth management
§ Peer to peer and remote user WAN optimization and byte caching technologies
§ New: Passive WAN health measurement
Fortinet Advantage:
§ Broad coverage of application visibility and first packet classification for efficient SD-WAN adoption
§ Integrated NGFW and SD-WAN on the same appliance further reduces TCO and complexity
§ WAN Path Controller automation continues to provide high application performance
§ Industry’s highest IPsec VPN performance
§ Zero Touch Deployment of SD-WAN Edge

Explicit Proxy
Highlights:
§ Explicit HTTP and HTTPS, FTP over HTTP, or SOCKS proxying of IPv4 and IPv6 traffic on one or more interfaces
§ Transparent web proxy
Fortinet Advantage:
§ Integrated, enterprise-class explicit web proxy provides HTTP and HTTPS proxying with the added benefits of UTM security and user identity

IPv6
Highlights:
§ Comprehensive IPv6 support for routing, NAT, security policies, and more
Fortinet Advantage:
§ Operating mode options provide flexibility when deploying into existing or new networks, reducing network change requirements

High Availability
Highlights:
§ Support for industry-standard VRRP and various proprietary solutions, with ability to combine more than one high availability solution into a single configuration
Fortinet Advantage:
§ Flexible high availability offerings allow organizations to pick the most suitable solutions based on their network environments and SLA requirements

Routing/NAT
Highlights:
§ Comprehensive routing protocols and NAT support
§ Traffic redirection with ICAP and WCCP support
Fortinet Advantage:
§ Wide-ranging routing features that meet carrier and enterprise resilience networking requirements

L2/Switching
Highlights:
§ Ability to craft software switches or emulate VLAN switches from interfaces
§ Support SPAN ports and port aggregation with multiple interfaces.
§ Implement admission control modes on interfaces such as 802.1x or captive portal
§ Comprehensive WiFi and WAN interface configuration options
§ VXLAN and EMAC VLAN Support
Fortinet Advantage:
§ Flexible interface configurations offer various setup possibilities that best suit an organization’s network requirements while providing optional access security

Offline Inspection
Highlights:
§ Sniffer mode allows threat and usage monitoring of network activities offline

Essential Network Services
Highlights:
§ A wealth of networking services such as DHCP, DNS server, NTP server and more
Fortinet Advantage:
§ Wide-ranging routing features that meet carrier and enterprise resilience networking requirements
§ Built-in, out-of-the-box capabilities let organizations quickly provide necessary network services to internal terminals or to integrate with other network devices

HIGHLIGHTS: Platform Support

Physical Appliance (SPU)
Highlights:
§ Integration with proprietary hardware architecture that includes acceleration components (SPU) and multicore processors
Fortinet Advantage:
§ Superior software and hardware integration ensures the optimal use of hardware components, yielding the highest cost/performance for customers

Virtual System
Highlights:
§ Virtual Domains (VDOMs): Virtualized FortiOS components to multiple logical systems on a single virtual or physical appliance.
§ Global security profiles
§ Support Virtual routing and forwarding (VRF) that allows multiple instances of a routing table to exist and work simultaneously
§ Support for Split-Task VDOM
Fortinet Advantage:
§ Built-in, out-of-the-box capabilities let organizations quickly provide necessary network services to internal terminals or to integrate with other network devices

Hypervisor
Highlights:
§ Support for popular hypervisor platforms, including VMware vSphere, Citrix and open source Xen, KVM, and MS Hyper-V
Fortinet Advantage:
§ Consistent management and features between physical and virtual appliances reduces management cost and simplifies deployments

Cloud
Highlights:
§ Support for public cloud services: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI) and AliCloud
Fortinet Advantage:
§ Consistent management and features between on-premises and cloud platforms reduces management cost and simplifies deployments

Hosted (FortiSASE SIA)
Highlights:
§ New: Powering FWaaS and hosted SWG components of FortiSASE SIA offering
Fortinet Advantage:
§ SASE extends networking and security capabilities beyond where they have typically been available, allowing users, regardless of location, to take advantage of firewall-as-a-service (FWaaS), secure web gateway (SWG), zero-trust network access (ZTNA), and a medley of other threat detection functions.

SPECIFICATIONS: Security Fabric

SYSTEM INTEGRATION
Security Fabric Logging:
- Synchronized logging to FortiAnalyzer configurations among FortiGates
- Data exchange (information such as topology and device asset tags) with FortiAnalyzer
Technology ecosystem encompasses leading partners in the Firewall and Network Risk Management, SDN and Virtualization, Security Information and Event Management (SIEM), Systems Integration, Testing and Training, and Wireless markets
Native integration with FortiSandbox, FortiSandbox Cloud, FortiMail, FortiNAC, FortiMail Cloud, FortiProxy, FortiAI, FortiDeceptor, FortiTester and FortiWeb

CENTRAL MANAGEMENT AND PROVISIONING
Central management support: FortiManager, FortiCloud hosted service, web service APIs
Rapid deployment: Install wizards, USB auto-install, local and remote script execution

CLOUD AND SDN INTEGRATION
Integration via connectors with:
- Public Cloud: AWS, MS Azure, GCP, OCI, AliCloud and IBM Cloud
- Private SDN: Kubernetes, VMware ESXi and NSX, OpenStack, Cisco ACI, Nuage Networks and Nutanix Prism
API Preview: view all REST API requests being used on a particular GUI page

VISIBILITY
Interactive and graphical visualizer for user, device, network, and security activities (FortiView):
- A variety of GUI consoles that display current and historical status using different perspectives such as ‘sources’, ‘destinations’, ‘applications’, and ‘threats’ etc.
- Threat and VPN map
- Data view options: Table, bubble chart, or world map if applicable
- Statistics and system information about the connected fabric device
- Accelerated session indication
- WHOIS Lookup for Public IP addresses within FortiView and log tables
Physical and logical topology viewers that illustrate:
- location of hosts within the security fabric network
- one-click access to quarantine, IP ban, or access detailed contextual information of hosts
- connections between security fabric entities
- SD-WAN related information such as link usage
Aggregated data views with downstream FortiGates within a Security Fabric
- presented on FortiView, topology maps, and monitors

AUTOMATION
Define automation within the Security Fabric using simple if-then setup:
- Triggers: Compromised host detection, system status, configuration changes, FortiAnalyzer event handler, Incoming Webhook and schedule
- Actions: CLI scripts, email, iOS, MS Teams and Slack notification, public cloud functions, API calls/webhooks
Quarantine remote host automatically at the access layer with FortiAP and/or FortiSwitch, or FortiClient via EMS

NETWORK ACCESS CONTROL (NAC)
Local user database and remote user authentication service support: LDAP, Radius and TACACS+, native FortiClient and FortiNAC user integration and two-factor authentication
Single-sign-on: Integration with Windows AD, Microsoft Exchange Server, Novell eDirectory, FortiClient, Citrix and Terminal Server Agent, Radius (accounting message), POP3/POP3S, user access (802.1x, captive portal) authentication
SAML SSO support within a fabric network allows an administrator to move between fabric devices without logging in again
PKI and certificates: X.509 certificates, SCEP support, Certificate Signing Request (CSR) creation, auto-renewal of certificates before expiry, OCSP support
Integrated token server that provisions and manages physical, SMS, and Soft One Time Password (OTP) tokens
ZTNA Framework: FortiClient EMS uses zero-trust tagging rules to automatically tag managed endpoints based on various attributes detected by the FortiClient. These tags are synchronized as dynamic address objects on the FortiGate
NAC with integrated Wireless and Switch Controller:
- supports NAC profiles that onboard clients into the default VLAN, NAC policies match clients based on device properties, user groups, or ZTNA tags, and then assign the clients to specific VLANs

COMPLIANCE AND SECURITY RATING
Run a series of system configuration compliance checks against PCI requirements
Security Fabric Rating: audit components within the fabric against best practices, provide results and recommendations, then allow users to easily apply remediations for some items
Manages network devices compliance via dynamic access control with tags provided by external client management systems

ADVANCED THREAT PROTECTION (ATP)
Display list of vulnerable hosts and their vulnerabilities via telemetry with FortiClient
Display list of compromised hosts via information provided by FortiAnalyzer
External cloud-based or on-premise file analysis (OS sandbox) integration:
- File submission (with option to select types)
- Receive file analysis reports
- Receive dynamic signature updates from file analysis system (file checksum and malicious URL DB)
Support for external block lists for domain names, web filtering URLs, IP addresses and malware hashes

WIRELESS CONTROLLER
Manages and provisions settings for local and remote access points
SSID Authentication:
- WPA2-Personal, WPA2-Enterprise
- WPA3 (SAE, SAE transition, Enterprise)
- Open
Supports integrated or external captive portal, 802.1x, preshared keys
Client limiting, MAC filtering, broadcast disabling, block intra-traffic and host quarantine on SSID
Multiple PSK for WPA Personal
Dynamic user VLAN assignment:
- with RADIUS attributes
- with VLAN Pooling (Round-Robin/Hash Load balancing)
Airtime fairness: improve the overall network performance by managing downlink link traffic toward different clients with balanced airtime
CAPWAP data channel security: DTLS and IPsec VPN option
WiFi Security: Rogue AP suppression, wireless IDS, monitor and suppress phishing SSID
WiFi troubleshooting tools, spectrum analysis and location map
Extended logging information in key areas to help WiFi troubleshooting:
- association, authentication, DHCP, and DNS
Wireless topology support: Fast roaming, AP load balancing, Wireless Mesh and bridging
WiFi QoS WMM marking: preserve the WiFi Multi-Media (WMM) QoS marking of packets by translating them to DSCP values when forwarding upstream (For 802.11ac-W2 APs only)
Wi-Fi Alliance Agile Multiband Operation (MBO) support: enables better use of Wi-Fi network resources in roaming decisions and improves overall performance
Controlled failover between wireless controllers

SWITCH CONTROLLER
Extends access control and security to wired devices by managing Fortinet switches (FortiSwitch) via CAPWAP-like communication known as FortiLink
Automatic provisioning of switch firmware upon authorization
Switch Topologies:
- single/stack of switch units
- HA-mode FortiGate with single/Stack of switch units
- HA-mode FortiGate with two-tier switch units (Optional: with access rings)
- Dual-homed servers connected to a pair of switch units using an MCLAG
- Standalone/HA-mode FortiGate unit with dual-homed FortiSwitch access
- Multi-tiered MCLAG with HA-mode FortiGate units
Switch port Features:
- PoE settings
- DHCP blocking and IGMP snooping
- STP (status, BPDU, root guard)
- LLDP, IGMP, sFlow and Dynamic ARP inspection (DAI)
- Port mirroring
Port security policies:
- 802.1x Port-based and MAC-based mode
- Restrict the type of frames allowed through IEEE 802.1Q ports
- RADIUS accounting support
- MAC authentication bypass
- EAP pass-through

NAC policy enforcement: use user or detected device information, such as device type or OS, to put traffic into a specific VLAN or apply specific port settings
- Device attributes conditions: MAC address, hardware vendor, device type, operating system
- User-based conditions
- Actions: assignment to VLAN and application of port specific settings
Provision of guest, authentication-fail and quarantined VLANs

WAN INTERFACE MANAGER
Support USB 3G/4G Wireless WAN modems and modem extender (FortiExtender)
3G/4G modem settings:
- Support standalone and as redundant WAN interface mode
- “Always connect” and “On demand” dial mode
- Configurable redial limit
Some hardware variants support in-built DSL and/or 3G/4G modems

SPECIFICATIONS: Policy & Control

POLICY MODES
Policy objects: predefined, custom and object grouping
Address objects: subnet, IP, IP range, GeoIP (Geography), FQDN, Dynamic (based on received tags from external systems) and MAC address
Internet Service DB: Dynamically updated DB that provides a list of pop
