Fortinet - FortiOS 7.0 released
This week Fortinet released FortiOS 7.0, the latest version of FortiOS. Compared to previous versions, the list of innovations is shorter, but some of them are significant. For this reason, Fortinet has raised the version directly from 6.4 to 7.0.
For example, FortiOS 7.0 makes it possible to migrate interfaces and their associated firewall rules into SD-WAN zones without having to reconfigure them. In the past, the need to reconfigure was often criticised by users who operate a rather classic setup and still wanted to use the improved SD-WAN features. SD-WAN in general has also undergone several optimisations. The clarity of the menus has been significantly improved by combining several pages into one, and various configuration options are now more conveniently accessible via tabs.
Settings that could previously only be made via the CLI are now also available in the SD-WAN web interface, such as setting the source IP for network traffic that the FortiGate itself generates during FortiGuard updates or DNS queries.
With FortiOS 7.0, Fortinet presents its first implementation of Zero Trust Network Access (ZTNA) functionality. With ZTNA, internal resources can be provided securely without having to resort to a VPN tunnel. The user and device are verified again for each session, and access policies are simplified: it does not matter whether the employee is on premises, in the home office or on a field trip. The rules are always the same.
To simplify the creation of firewall rules, it is now also possible to create a firewall rule directly after creating objects, for example addresses or virtual IPs, by right-clicking on the object; the object is then entered into the new rule automatically. It is a comparatively small quality-of-life change, but one that is appreciated when many objects and rules have to be created.
For those for whom the web interface is not enough, Fortinet also has something new to offer: from many menu items in FortiOS 7.0, the CLI can be opened directly in the corresponding category, and rules, filters and settings can be edited from there. In addition, FortiOS 7.0 offers a preview of how these settings would be made via the REST API. This innovation makes things easier for administrators who want to automate configuration from outside. Until now, it was very difficult or even expensive to obtain the relevant documentation via the Fortinet Developer Network.
There have also been changes to the security profiles: from FortiOS 7.0, the antivirus engine uses AI-supported machine learning as standard in addition to the pattern-based scan. There are also new profiles. For example, parts of the web filter profile have been separated out, and in the video filter profile it is now possible to block certain categories on YouTube instead of blocking YouTube completely. With the new File-Filter profile, specific file types can be allowed or blocked and conveniently applied to multiple firewall rules. This more granular division of tasks makes it easier to apply specific policies to firewall rules.
If you use Let's Encrypt SSL certificates in your organisation, FortiOS 7.0 allows you to use the Automated Certificate Management Environment (ACME) to secure administrative access. Other certificate providers that support the ACME protocol can also be used. This simplifies the deployment and renewal of certificates. The prerequisite is that the FortiGate can be reached from the Internet via a public IP and FQDN.
A new feature has also been added to the VPN: a site-to-site VPN connection between two FortiGates is now also possible on an SSL basis. If for some reason an IPsec connection is not possible, FortiOS 7.0 provides a secure alternative connection.
Users who want to customise the web interface of their FortiGate can now choose from several new themes. The increasingly popular Dark Themes are now also available for selection. For users who have been using FortiOS since the early days, the Retro Theme might also be of interest. The only downer is that the classic green theme, which has been familiar since FortiOS 6.0, is unfortunately no longer available.
Finally, a word of warning: Even though many reports from testers in the lab are positive, we still advise against rolling out this new version directly in production use. We recommend testing the new FortiOS version in a lab environment first to identify any problems and bugs before updating.
If you are interested in a security solution from Fortinet, or even if you would like to test it, please feel free to contact us by phone, e-mail or our contact form. We look forward to your enquiry!