Exploring the Changes

Fortinet’s FortiOS 7.2.1 brings a host of updates that redefine network security, management, and performance. These enhancements aim to improve functionality across various facets of network operations, ensuring organizations stay secure and efficient. Let’s explore the biggest changes introduced in this release.


1. FortiClient EMS Integration

This update streamlines endpoint management with predefined connectors for up to five FortiClient EMS instances. Administrators can now configure status, names, and display tenant IDs, providing greater flexibility and clarity in managing endpoints.


2. Procend 180-T DSL Transceiver Support

FortiGate devices now support the management of Procend 180-T DSL transceivers connected via SFP ports. Administrators can program physical layer attributes, retrieve status, monitor statistics, perform firmware upgrades, and reset modules. Supported VDSL profiles include 8a, 8b, 8c, 8d, 12a, 12b, 17a, and 30a. Supported models include FG-80F, FG-81F, FG-80F-BP, FGR-60F, and FGR-60F_3G4G.


3. FortiView Internal Hubs Monitor

A new FortiView page now displays internal host connections based on NetFlow data from managed switches. This feature provides insights into device connections and traffic patterns. The FortiLink interface can be configured as a NetFlow collector to enable this functionality.


4. IPv6 Support in Cisco ACI SDN Connectors

FortiGate now supports IPv6 dynamic addresses retrieved from Cisco ACI SDN connectors. These addresses can be integrated into dynamic address objects for firewall policies, enhancing IPv6 capabilities. Note that this requires Fortinet SDN Connector VM version 1.1.10 or later.


5. Internet Service Database (ISDB) Enhancements

IPv6 addresses are now supported in ISDB via the CLI, allowing for expanded IPv6 configuration in firewall policies. This improvement bolsters FortiGate’s IPv6 capabilities.


6. FortiNAC Integration via REST API

A new REST API enables FortiNAC to send user logon/logoff information to FortiGate. This introduces a dynamic firewall address type (FortiNAC tag) to store device IPs, firewall tags, and group information. Note that the FortiNAC tags connector under Security Fabric > Fabric Connectors has been deprecated.


7. Security Rating PSIRT Vulnerability Support

FortiGate devices with a valid Security Rating license now include a separate Security Rating package from FortiGuard, adding support for PSIRT vulnerabilities. Critical vulnerabilities trigger warning messages in the GUI header and notifications, encouraging timely updates for affected devices.


8. ZTNA Service Discovery for FortiClient

FortiClients can now discover available ZTNA services via the FortiGate ZTNA portal. Supported services include HTTP/HTTPS web services, TCP forwarding services, and web portals. This discovery occurs through DoT or DoH tunnels, with service mappings retrieved in JSON format.


9. RADIUS Accounting Message Delimiter Option

Administrators can now configure the RADIUS accounting message group delimiter to a comma (,) instead of the default plus sign (+) when using RSSO. This added flexibility enhances compatibility with different systems.


10. Internet Service Database Size Options

FortiOS 7.2.1 introduces three sizes for internet service databases—full, standard, and mini. The mini size is configurable on FortiGate 30 and 50 series models, allowing database optimization based on device capabilities.


11. Enhanced IP Address Management (IPAM)

The GUI and CLI now support multiple IPAM pools, enabling administrators to assign these pools to different interfaces based on name and/or role using IPAM rules. This update improves IP address management flexibility and efficiency.


12. YAML Configuration Backup/Restore

YAML can now be selected as a file format for configuration backup and restoration. This provides an alternative to traditional formats, catering to organizations that prefer YAML for its readability and versatility.


Conclusion

The updates in FortiOS 7.2.1 showcase Fortinet’s commitment to innovation in network security and management. From enhanced endpoint and IP address management to expanded IPv6 support and streamlined vulnerability tracking, these features empower organizations to strengthen their security posture while improving operational efficiency. Explore these updates further to ensure your network remains ahead of evolving cyber threats.

Interested in learning more? Contact us today to see how BALANCED+ can help implement Fortinet into your security infrastructure.