FortiOS 7.0
Fortinet’s Security Operating System
The release of FortiOS 7.0 dramatically expands the Fortinet
Security Fabric’s ability to deliver consistent security across all
networks, endpoints, and clouds with SASE and ZTNA, among
others.
FortiOS 7.0 expands visibility and control, ensures the
consistent deployment and enforcement of security policies,
and enables centralized management across the entire
distributed network.
It allows organizations to run their businesses without
compromising performance or protection, supports seamless
scalability, and simplifies innovation consumption.
Delivering a consistent and dynamic security posture enables
users and devices to access applications where they are
deployed, from anywhere in the world with security that
automatically assesses and adjusts to match the risk.
Powered by FortiOS™ 7.0, the Fortinet Security Fabric delivers:
Highlights: What’s New
Networking
§ 

improvements
Security
§ FortiGuard Video Filtering Service
§ DNS inspection enhancements
ACME Support
§ New Zero Trust Network Access solution
§ 

Management
§ Support for Security Fabric in Multi-VDOM mode
§ Fabric Devices to trigger Automation Rules
§ Security Rating Overlays
DATA SHEET
Security-Driven Networking
Convergence of Networking and Security into a single, integrated
system that can expand to any edge
Zero-Trust Access
Knowing and controlling every connected user and device
Adaptive Cloud Security
Secure and control multi-cloud infrastructures and applications with
agility and automation
Available in:
Appliance
Virtual Machine
Hosted

Cloud
DATA SHEET | FortiOS™ 7.0
OVERVIEW
Introducing FortiOS™ 7.0
Digital Innovation
As organizations accelerate their digital innovation
initiatives, ensuring their security can keep up with
today’s complex and fast-evolving threat landscape
is critical. The explosion of network edges – across


most recently, the home edge – has expanded
and splintered the perimeter across the entire
infrastructure.
The challenge with rapidly expanding the network
edge is that many of the technologies needed to
make things work don’t work together. Much of the
digital innovation progress has been piecemeal,
without a unifying security strategy or framework.
Most organizations have accumulated a wide
variety of isolated security tools designed to
protect a function or one segment of the network in
isolation.
Vendor and solutions sprawl has made maintaining
network-wide visibility and consistent policy
enforcement next to impossible, let alone
maintaining and monitoring the various security
and networking solutions in place for delivering the
expected high-performing user-to-application connection,
and keeping ahead of threats that morph, change, and
expand at a more rapid pace than ever before.
This approach can’t scale, slowing business down, introducing
more risk and complexity. It needs to evolve.
Fortinet addresses this challenge with the Fortinet Security
Fabric, an integrated cybersecurity platform with a rich
ecosystem designed to span the extended digital attack
surface to enable broad, integrated, and automated security
protecting devices, data, and applications.

and pillars, we keep organizations ahead of the threats
by providing continuous protection for data, users,
devices, and applications transition across networks,

powered FortiGuard Security Services, and automated
response capabilities. Our Fabric Management Center
enables organizations of any size to secure and simplify
their SOC, NOC, and IT infrastructure. And our new
SOCaaS and best practice services help ensure that the
organization’s overarching security posture is optimized.
[Figure: Fortinet Security Fabric diagram. Labels: Open Ecosystem; Fabric Management Center; Adaptive Cloud Security; Security-Driven Networking; Zero Trust Access; FortiGuard Threat Intelligence; FortiOS; SOC; NOC]
HIGHLIGHTS
Security Fabric
FEATURE HIGHLIGHTS FORTINET ADVANTAGE
System Integration § Native integration with Fortinet products via
quick setup GUI connectors
§ Standard-based data exchange APIs support
with third-party solutions
§ Standard-based monitoring output – SNMP,
NetFlow/sFlow, and Syslog support to external/
third-party SIEM, SOAR and logging systems
§ Endpoint/Identity infrastructure integrations
§ External threat feeds integrations
§ New: Security Fabric support in multi-virtual
domain environments
§ Ability to reuse organization’s existing
systems to lower TCO and streamline
processes
§ Expand security and operational
capabilities by seamlessly integrating
with external solutions
Central Management and
provisioning
§ Fortinet/third-party automation and portal

§ Rapid deployment features including cloud-
based provisioning solutions
§ Developer community platform access and
professional service options for complex
integrations
§ Extensive integration resources for Ansible and
Terraform
§ 
offering feature-rich service
enhancements
§ Comprehensive rapid deployment
options to save time and costs
§ 
empowers large service providers
and enterprises with shared
implementation/customization/
integration knowledge
Cloud and SDN Integration § Multi-cloud support using Cloud and SDN

AliCloud, VMware ESXi, NSX, OpenStack, Cisco
ACI and Nuage Virtualized Service Platforms
§ Kubernetes connectors for private and public
clouds
§ NEW: Show the REST API commands behind a
particular GUI action
§ Robust and comprehensive SDN
integration capabilities that
allow organizations to implement
cloud solutions securely without
compromising agility
Visibility § Interactive drill-down and topology viewers
that illustrate real-time and historical threat
status and network usage with comprehensive
contextual information
§ Aggregated data views provided by fabric
devices
§ One-click remediation that offers
accurate and quick protection against
threats and abuses
§ Unique threat score system, correlating
weighted threats with particular users
to prioritize investigations
§ Fabric-wide views expand visibility
beyond a single security entity, allowing
organizations to quickly spot problems
and address them
Automation § 
performs appropriate actions based on triggers
defined, across the Fortinet Security Fabric
§ Automatically quarantine compromised hosts
using FortiClient via EMS or connections via
FortiSwitch and FortiAP
§ NEW: Fabric Devices to trigger Automation Rules
§ Reducing risk exposure and replacing
manual security processes with
automation to help address the
organizational challenges of tighter
budgets and a skilled staffing shortage
NAC § Interface with FortiAuthenticator and a wide
variety of external identity management systems
to facilitate user authentication processes
§ 

servers, access portals, and mail services
§ 
and mobile tokens for use with various FortiOS
authentication requirements such as VPN access
and FortiGate administration
§ NEW:
Access) framework for mobile endpoints
§ FortiOS integrates with a wide
variety of AAA services to facilitate
user admission control from various
entry points, giving users a simplified
experience while implementing greater
security
§ Easily implement two-factor
authentication for user and
administrator access at little cost
§ Simplified mobile user security
enforcement by easily distributing and
updating clients’ security profiles that
are consistent with gateway protection
Compliance & Security
Rating
§ Periodic system configuration checks on fabric
devices using a pre-defined checklist to reveal
security posture status updates; the data is kept
to produce historical trending charts
§ Audit setups against PCI compliance
requirements
§ Security rating rankings are benchmarked against
peers
§ Automates compliance auditing, which
frees up administration resources
§ Quickly verify the status and health
of your setup and connected devices
within the Fabric and identify any gaps
that can potentially leave you at greater
risk
Advanced Threat Protection

§ 
§ Receive dynamic remediation (malicious file

analysis reports from external Fortinet file
analysis solutions (FortiSandbox)
§ Endpoint vulnerability views that present ranked
vulnerable clients with details
§ IOC service integration displays IOC detection
data from FortiAnalyzer onto FortiView and
topology maps
§ Supported by proven and industry-
validated AV research services.
§ Ability to adopt a robust ATP framework
that reaches mobile users and branch
offices, detecting and preventing
advanced attacks that may bypass
traditional defenses by examining
files from various vectors, including
encrypted files
§ Easily identify vulnerable hosts across
the fabric
§ Administrators can easily identify
suspicious hosts and quickly or
automatically quarantine them
Wireless Controller § Integrated wireless controller for Fortinet’s
wide range of AP form factors, including indoor,
outdoor, and remote models, with no additional
license or component fees
§ Enterprise-class wireless management
functionality, including rogue AP protection,
wireless security, monitoring, and reporting
§ 
§ The wireless controller integrates into
the FortiGate console providing a true
single-pane-of-glass management for
ease-of-use and lower TCO
Switch Controller § Integrated switch controller for Fortinet
access switches with no additional license or
component fees
§ Simplifies NAC deployment
§ Expands security to the access level to
stop threats and protect terminals from
one another
WAN Interface Manager § 

§ Allows organizations to use or

connections while maintaining access
control and defining the usage for
those links
Operations
FEATURE HIGHLIGHTS FORTINET ADVANTAGE
Configuration § 

§ Ease of use with intuitive, state-of-the-art GUI
and wizards
§ One-click access and actions between log
viewers, dashboard widgets, policy tables, and
more
§ Intelligent object panel for policy setups and
edits
§ Unique FortiExplorer configuration tool
allows administrators to quickly access
configurations, including via mobile
phones and tablets
§ VPN wizards facilitate easy setup,
including popular mobile clients and
other vendors’ VPN gateways
§ Useful one-click access and actions
bring administrators to the next steps
quickly and accurately to swiftly
mitigate threats or resolve problems
Log & Reports § Detailed logs and out-of-the-box reports that are
essential for compliance, audits, and diagnostic
purposes
§ Real-time logging to FortiAnalyzer, FortiAnalyzer
Cloud, and FortiGate Cloud
§ 
§ 
§ Includes deep contextual information,
including source device details and
strong audit trail
§ GUI Report Editor offering highly
customizable reports
§ Managing logs holistically simplifies
configuration and guarantees that
critical information from every FortiGate
is centrally collected and available
for analysis. This closes any gaps in
intelligence
Diagnostics § 
packet capture for troubleshooting hardware,
system, and network issues
§ 
§ Policy and routing GUI tracer
§ Comprehensive diagnostic tools
help organizations quickly remediate
problems and investigate abnormal
situations
Monitoring § Real-time monitors
§ NOC Dashboard
§ iOS push notification via FortiExplorer app
§ Dashboard NOC view allows you to
keep mission-critical information in view
at all times. Interactive and drill-down
widgets avoid dead-ends during your
investigations, keeping analysis moving
quickly and smoothly
Policy & Control
FEATURE HIGHLIGHTS FORTINET ADVANTAGE
Policy Modes § Easy-to-use policy management with unique
Section or Global view options
§ 
§ 
§ Flexible policy setup with various
control systems assists organizations
in implementing effective network
security that is relevant to their
networks
Device Identification § Identification of different types of devices
present on the network
§ MAC address policy source objects
§ IoT security service allowing FortiGates to query
FortiGuard servers for more information about a
device
§ Empowers organizations to add critical

by identifying personal devices
SSL Inspection § 
various security controls, such as AV and content
filtering
§ 
processors
§ Reputable sites database for exemptions
§ Identify and block threats hidden within
encrypted traffic without significantly
impacting performance
Security
FEATURE HIGHLIGHTS FORTINET ADVANTAGE
Firewall § High-performance firewall within a SPU-powered
appliance
§ Implement security policies that use a
combination of source objects, IPs, users, and/
or devices
§ Automatically or manually quarantine users/
attackers
§ Directs registered FortiClient to host quarantines
§ Industry’s top firewall appliance with a
superior cost-performance ratio
VPN § Comprehensive enterprise-class features for
various types of VPN setups
§ 
§ Cloud-assisted Overlay Controller VPN that
supports Full Mesh, Hub & Spoke topology with
ADVPN options
§ The FortiGate’s unmatched
performance for VPN allows
organizations to establish secure
communications and data privacy
between multiple networks and
hosts by leveraging custom security
processors (SPUs) to accelerate
encryption and decryption of network
traffic
IPS & DoS § Regular and rate-based signatures, supported
by zero-day threat protection and research for
effective IPS implementation
§ Integrated DoS protection defends against
abnormal traffic behaviors
§ CVE reference for IPS signatures
§ Proven quality protection with “NSS
Recommended” award for superior
coverage and cost/performance
§ Adapts to enterprise needs with full IPS
features and NGIPS capabilities, such
as contextual visibility
§ Supports various network deployment
requirements, such as sniffer mode,
and is compatible with an active-bypass
bridging device or built-in bypass ports
for selected models
Web & Video Filtering § 
includes quotas, user overrides, transparent safe
search, and search engine keyword logging
§ 
languages and identifies redirected (cached and
translated) sites
§ New: Video Filtering using FortiGuard category

§ Multi-layered anti-proxy avoidance
capabilities with integrated application
control and IPS allow organizations to
implement air-tight web usage controls
Email Filtering § Highly effective, multilayered spam filters with
low false positives
§ Cost-efficient anti-spam solution for
small organizations or branch offices
without requiring investment in an
additional system
Application Control § Detects and acts against traffic based on
applications while providing visibility on network
usage
§ Fine-grained control on popular cloud
applications, such as Salesforce, Google Docs,
and Dropbox
§ Superior coverage, including both
desktop and mobile applications,
enabling better management of
network access policies
§ Applies deeper application inspections
for better control and visibility as
more enterprises rely on public cloud
services
Anti-Malware § Flow- and proxy-based AV options for choices
between protection and performance
§ 
terminates botnet communication to C&C servers
§ Receive dynamic remediation (malicious file

analysis reports from external Fortinet file
analysis solutions (FortiSandbox)
§ Virus Outbreak Protection as an additional layer
of proactive protection targeted at new malware;
comparing and detecting threats using a real-
time FortiGuard checksum database
§ 
removes exploitable content before reaching
users
§ NEW: AI-powered heuristics detection engine
§ Supported by proven and industry-
validated AV research services
§ Ability to adopt a robust ATP framework
that reaches mobile users and branch
offices, detecting and preventing
advanced attacks that may bypass
traditional defenses by examining
files from various vectors, including
encrypted files
Protective DNS § Uses existing DNS protocols and architecture to
analyze DNS queries and mitigate threats
§ Defenses at various points of the
network exploitation lifecycle,
addressing phishing, malware
distribution, command and control,
domain generation algorithms, and
content filtering.
FEATURE HIGHLIGHTS FORTINET ADVANTAGE
 § 


§ Measure application transactions such as
latency, jitter, and packet-loss plus built-in
automatic fail-over to determine preferred
paths and maintain the optimal application
performance of business-critical applications
§ Use QoS, Traffic Shaping and policy routing for
bandwidth management
§ 
and byte caching technologies
§ New:
§ 
and first packet classification for
efficient

§ 
same appliance further reduces TCO
and complexity
§ 
continues to provide high application
performance
§ Industry’s highest IPsec VPN
performance
§ 
Edge
Explicit Proxy § Explicit HTTP and HTTPS, FTP over HTTP, or

or more interfaces
§ Transparent web proxy
§ Integrated, enterprise-class explicit
web proxy provides HTTP and HTTPS
proxying with the added benefits of
UTM security and user identity
IPv6 § 
security policies, and more
§ Operating mode options provide
flexibility when deploying into existing
or new networks, reducing network
change requirements
High Availability § Support for industry-standard VRRP and various
proprietary solutions, with ability to combine
more than one high availability solution into a
single configuration
§ Flexible high availability offerings allow
organizations to pick the most suitable
solutions based on their network

Routing/NAT § Comprehensive routing protocols and NAT
support
§ 
§ 
meet carrier and enterprise resilience
networking requirements
L2/Switching § Ability to craft software switches or emulate

§ Support SPAN ports and port aggregation with
multiple interfaces.
§ Implement admission control modes on
interfaces such as 802.1x or captive portal
§ 
configuration options
§ 
§ Flexible interface configurations offer
various setup possibilities that best suit
an organization’s network requirements
while providing optional access security
Offline Inspection § Sniffer mode allows threat and usage monitoring
of network activities offline
§ 
meet carrier and enterprise resilience
networking requirements
Essential Network Services § A wealth of networking services such as DHCP,
DNS server, NTP server and more
§ 
organizations quickly provide necessary
network services to internal terminals or
to integrate with other network devices
Security
Platform Support
FEATURE HIGHLIGHTS FORTINET ADVANTAGE
 § Integration with proprietary hardware
architecture that includes acceleration

§ Superior software and hardware
integration ensures the optimal use
of hardware components, yielding
the highest cost/performance for
customers
Virtual System § Virtual Domains (VDOMs): Virtualized FortiOS
components to multiple logical systems on a
single virtual or physical appliance.
§ Global security profiles
§ Support Virtual routing and forwarding

table to exist and work simultaneously
§ Support for Split-Task VDOM
§ 
organizations quickly provide necessary
network services to internal terminals or
to integrate with other network devices
Hypervisor § Support for popular hypervisor platforms,
including VMware vSphere, Citrix and open
source Xen, KVM, and MS Hyper-V
§ Consistent management and features
between physical and virtual appliances
reduces management cost and
simplifies deployments
Cloud § 


and AliCloud
§ Consistent management and features
between on-premises and cloud
platforms reduces management cost
and simplifies deployments
 § New:
components of FortiSASE SIA offering
§ SASE extends networking and security
capabilities beyond where they have
typically been available, allowing
users, regardless of location, to take
advantage of firewall-as-a-service


and a medley of other threat detection
functions.
SPECIFICATIONS
Security Fabric
SYSTEM INTEGRATION



Technology ecosystem encompasses leading partners in the Firewall and Network Risk
Management, SDN and Virtualization, Security Information and Event Management

Native integration with FortiSandbox, FortiSandbox Cloud, FortiMail, FortiNAC, FortiMail

CENTRAL MANAGEMENT AND PROVISIONING
Central management support: FortiManager, FortiCloud hosted service, web service APIs

CLOUD AND SDN INTEGRATION
Integration via connectors with:


Networks and Nutanix Prism
API Preview: view all REST API requests being used on a particular GUI page
VISIBILITY
Interactive and graphical visualizer for user, device, network, and security activities


perspectives such as
‘sources’, ‘destinations’, ‘applications’, and ‘threats’ etc.





Physical and logical topology viewers that illustrate:
- location of hosts within the security fabric network
- one-click access to quarantine, IP ban, or access detailed contextual information of
hosts
- connections between security fabric entities

Aggregated data views with downstream FortiGates within a Security Fabric
- presented on FortiView, topology maps, and monitors
AUTOMATION
Define automation within the Security Fabric using simple if-then setup:



API calls/webhooks
Quarantine remote host automatically at the access layer with FortiAP and/or FortiSwitch,
or FortiClient via EMS
NETWORK ACCESS CONTROL (NAC)



eDirectory, FortiClient, Citrix and Terminal Server Agent, Radius (accounting message),


fabric devices without logging in again

creation, auto-renewal of certificates before expiry, OCSP support
Integrated token server that provisions and manages physical, SMS, and Soft One Time

ZTNA Framework: FortiClient EMS uses zero-trust tagging rules to automatically tag
managed endpoints based on various attributes detected by the FortiClient. These tags are
synchronized as dynamic address objects on the FortiGate


clients based on device properties, user groups, or ZTNA tags, and then assign the clients

COMPLIANCE AND SECURITY RATING
Run a series of system configuration compliance checks against PCI requirements
Security Fabric Rating: audit components within the fabric against best practices, provide
results and recommendations, then allow users to easily apply remediations for some
items
Manages network device compliance via dynamic access control with tags provided by
external client management systems
ADVANCED THREAT PROTECTION (ATP)
Display list of vulnerable hosts and their vulnerabilities via telemetry with FortiClient
Display list of compromised hosts via information provided by FortiAnalyzer
External cloud-based or on-premise file analysis (OS sandbox) integration:





malware hashes
WIRELESS CONTROLLER
Manages and provisions settings for local and remote access points
SSID Authentication:



Supports integrated or external captive portal, 802.1x, preshared keys
Client limiting, MAC filtering, broadcast disabling, block intra-traffic and host quarantine
on SSID


- with RADIUS attributes

Airtime fairness: improve the overall network performance by managing downlink link
traffic toward different clients with balanced airtime




- association, authentication, DHCP, and DNS



only)

network resources in roaming decisions and improves overall performance
Controlled failover between wireless controllers
SWITCH CONTROLLER
Extends access control and security to wired devices by managing Fortinet switches

Automatic provisioning of switch firmware upon authorization
Switch Topologies:
- single/stack of switch units





Switch port Features:





Port security policies:





NAC policy enforcement: use user or detected device information, such as device type or


system



WAN INTERFACE MANAGER



- “Always connect” and “On demand” dial mode


Operations
CONFIGURATION
Management access: HTTPS via web browser, SSH, telnet, console
Administrator login:


FortiExplorer:



Feature Store: Toggle GUI component displays
GUI configuration:
- ‘One-click’ access that quickly transfers administrators to next step panels


Simplified Chinese, Traditional Chinese, Korean
LOG & REPORT



Encrypted logging & log integrity with FortiAnalyzer
Scheduled batch log uploading, real-time logging or queue locally until external system is
available
Detailed traffic logs: forwarded, violated sessions, local traffic, invalid packets
Comprehensive event logs: systems & administrators activity audits, routing & networking,



IP and service port name resolution option
DIAGNOSTICS

hardware, system, and network issues.
Policy and routing GUI tracer


MONITORING
SNMP System Monitoring:



Traffic Monitoring:
- sFlow version 5

Graphical Monitors: Real-time system, network service, and user status viewers
Dashboard: customized widgets and layout
Policy & Control
POLICY MODES
Policy objects: predefined, custom and object grouping

received tags from external systems) and MAC address

applications with their vital information that can be used for policy setup, routing and link
load-balancing configurations.

User notifications: customizable replacement message for blocked sites and attachments
User quarantine:


DEVICE IDENTIFICATION

automatic classification, inventory management
Device inventory for visibility

SSL INSPECTION





Security
ANTI-MALWARE

Antivirus database type selection depending on the network and security needs

detected threats before AV signatures are available
Content Disarm and Reconstruction option:


AI-based malware detection: module is trained by FortiGuard AV against many malware
samples to identify file features that make up the malware
AV Inspected protocols and file types:





File quarantine (local storage required) and infected host ban
IPS AND DOS

detection, custom signatures, manual, automatic pull or push signature update, threat
encyclopedia integration
IPS Actions: Default, monitor, block, reset, or quarantine attacker's IP with expiry time

Packet logging option
IP(s) exemption from specified IPS signatures

settings against TCP SYN flood, TCP/UDP/SCTP port scan, ICMP sweep, TCP/UDP/SCTP/
ICMP session flooding (source/destination)
IDS sniffer mode
PROTECTIVE DNS
DNS Filter: DNS-based web category filtering and botnet protection

APPLICATION CONTROL

Email, Game, General Interest, Mobile, Network Service, P2P, Proxy, Remote Access,

Custom application signature support
Multiple parameter support on some signatures
Supports detection of traffic using the HTTP/2 protocol and is able to block QUIC traffic so that

Filter-based overrides by: behavior, category, popularity, technology, risk, vendor, and/or
protocol

Port enforcement check: block applications detected on non-default ports
Protocol enforcement: set networking services to defined ports. A violation can be set to
block
SSH Inspection
Deep application control over popular public cloud services, such as Salesforce, Google
Docs, and Dropbox
WEB & VIDEO FILTERING


Dynamic web filtering with cloud-based real-time categorization database:


Safe Search enforcement: transparently inserts Safe Search parameter to queries.


address, block redirects from cache & translation sites, proxy avoidance application



to user/user group/IP
Multiple, external blacklist support
Restrict access to Google Corporate Accounts only

Additional features offered by proxy-based web filtering:






Video filtering:



FIREWALL
Operating modes: NAT/route and transparent (bridge)
Schedules: one-time, recurring



Protocol type support: SCTP, TCP, UDP, ICMP, IP
User and device-based policies
Policy Management: Sections or global policy management view

VPN

download

groups

Single-sign-on bookmarks: reuse previous login or predefined credentials to access
resources
Personal bookmarks management: allow administrators to view and maintain remote client
bookmarks

One time login per user options: Prevents concurrent logins using same username


RDP, Citrix






the application server.

mode connections
MAC host check per portal

FQDN support for remote gateways

IPsec Aggregate tunnels: set up redundancy and traffic load-balancing

round-robin
Cloud-assisted One-Click VPN / VPN Overlay Controller: easily configure
- hub-and-spoke VPN (with ADVPN option)



IPsec VPN deployment modes: Gateway-to-gateway, hub-and-spoke, full mesh,
redundant-tunnel, VPN termination in transparent mode
IPsec VPN Configuration options: Route-based or policy-based

between the spokes of a traditional Hub and Spoke architecture



PPTP,
GRE over IPsec
EMAIL FILTERING



Networking
ROUTING / NAT
Static and policy routing


NAT configuration: Per policy based and central NAT Table

Multicast traffic: sparse and dense mode, PIM support
L2 / SWITCHING



addresses) to a single physical interface



multicast,





OFFLINE INSPECTION
Sniffer Mode: Dedicate an interface exclusively where all traffic entering the interface is
processed by the sniffer

SD WAN

Source IP, and spillover






session information that is captured on firewall policies
Multi-path intelligence using rules defined by:



Traffic shaping and QoS per policy or applications: Shared policy shaping, per-IP shaping,
interface-based traffic shaping, maximum and guaranteed bandwidth, maximum


Packet duplication:

on the destination FortiGate


Option to set up traffic shaping profile by defining the percentage of interface bandwidth
for each classified traffic and then bind to interfaces
Traffic Shaping Policies: Assigns traffic shape profile according to matching policy based

DSCP support:



Transparent Mode option: keeps the original source address of the packets, so that
servers appear to receive traffic directly from clients.



optimization tunnel


reducing bandwidth usage, server load, and perceived latency. Supports caching of HTTP
1.0 and HTTP 1.1 web sites




Support advanced web caching configurations and options:


expired objects, revalidated
pragma-no-cache

EXPLICIT PROXY
Explicit web & FTP proxy: FTP, HTTP, and HTTPS proxying on one or more interfaces

users

servers

IP reflect capability

Explicit web proxy authentication: IP-based authentication and per session authentication
Transparent web proxy

IPV6




HIGH AVAILABILITY

series clustering
Redundant heartbeat interfaces
HA reserved management interface
Failover:





Deployment Options:



Standalone session synchronization

NAT sessions

ESSENTIAL NETWORK SERVICES

FortiGuard NTP, DDNS, and DNS service
Platform Support
PHYSICAL APPLIANCE (+SPU)
Integrates with SPU components for traffic processing acceleration.
VIRTUAL SYSTEMS
Virtual Systems (FortiOS Virtual Domains) divide a single FortiGate unit into two or more
virtual instances of FortiOS that function separately and can be managed independently.
Configurable virtual systems resource limiting and management such as maximum/
guaranteed ‘active sessions’ and log disk quota
VDOM operating modes: NAT/Route or Transparent




Copyright © 2021 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product
or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other
conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser
that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any
such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise
revise this publication without notice, and the most current version of the publication shall be applicable.
www.fortinet.com

PRIVATE CLOUD
Support for popular hypervisor platforms, including VMware vSphere, Citrix and open
source Xen, KVM, Nutanix and MS Hyper-V
PUBLIC CLOUD

IAM, topology and CVE integration

Azure Stack: Active-Passive HA
Google Cloud Platform: auto-scaling, HA between zones
Oracle Cloud Infrastructure: Native and para-virtualized modes, IAM integration
AliCloud: autoscaling, native HA
Others
OTHERS


Server load balancing: traffic can be distributed across multiple backend servers:

round trip time, number of connections.

protocols.

HTTP cookie.
Credential Stuffing Defense: scans user names and passwords in submission traffic to

domain controller








corporate identifier



it to those in the fingerprint database


trailer) while the packet is processed by FortiOS.
NOT
availability, please refer to Software feature Matrix on docs.fortinet.com