Fortinet ramps up security, convergence features in FortiOS 7.2

Major enhancements include a new inline sandbox service that adds protection capabilities to detection, and enhancements to the company’s ZTNA, SD-WAN, SD-Branch, and 5G.

John Maddison, EVP of Products and CMO at Fortinet

Today, Fortinet is announcing the availability of the 7.2 release of the FortiOS operating system for their Fortinet Security Fabric. While it boasts over 300 new features, the key ones are a new inline sandbox service that performs real-time in-network prevention as well traditional detection, enhancements to their Zero Trust Network Access [ZTNA- that further improve integration and other enhancements to their SD-WAN, SD-Branch, and 5G.

“When we introduced FortiOS 7.0 a year ago, the big theme was more background foundation work,” said John Maddison, EVP of Products and CMO at Fortinet. “It’s the same theme for us with the 7.2 release – more security, more convergence and more consolidation. Those won’t change as we go forward.”

Fortinet emphasizes that they have the industry’s first and only platform to converge essential networking and security functions and consolidate security point products into a unified platform. Competitors also have combined networking and security platforms, but Maddison said that there is a massive difference between them.

“Our OS will support the full magic quadrant from network firewall, to wireless and SD WAN,” Maddison stressed. “Our competitors have bought theirs. Ours are all the same product, so it’s a truly converged platform. It’s very hard to make these things work together when you buy things and add them to a mature code base. Ours is built organically. When we built our SD-WAN, we built it inside the firewall. We put our ZTNA right inside the firewall. This makes the FortiOS far ahead of the competition.”

Maddison said that Fortinet’s core premise is that those who think traditional networking will become much less relevant with the move to the cloud are completely wrong,

“We totally disagree,” he emphasized. “No one will be cloud only. Cloud only is like detection only. The whole world is hybrid and will be hybrid forever. Everyone will be network-centric. If you don’t know what the network is, you can’t control the digital experience. You still have to get to the cloud. SD-WAN is  is the fastest growing piece of networking right now and the reason for that is that it’s application-focused and cloud-focused. However, it still needs an onramp to the cloud. A lot has moved to the cloud and you need a cloud strategy as well, but we can manage all environments.”

That requires a fully converged environment in which all solutions are designed to operate as part of an integrated fabric.

“This requires building out a platform approach,” Maddison said. “It also requires continue converging networking and security. And it especially requires providing protection as well as detection.

One key new feature which adds protection to traditional detection is FortiOS 7.2’s new inline sandbox service, which transforms a traditional detection sandbox capability into real-time in-network prevention.

“In the past, sandboxes would tell you that you had a bad file,” Maddison said.. Inline sandboxing detects and protects, and point vendors have been able to do it because they are sitting on the endpoint. It’s very different for the network. With the new inline sandboxing capability, we can now detect if a file in the network is bad, and if it is, we can stop it. So we are more than detection. That’s very unique. This is something that hasn’t been done before in the network because of speed. In addition, some sandboxing companies aren’t even part of the network – just in the cloud.”

New ZTNA enhancements in 7.2 make WFA [Work From Anywhere] deployments easier to deploy.

“We continue to move ZTNA enhancements forward,” Maddison said. “They are now available as policy enforcement in all the firewalls, which is very unique again, and are also available inside the SASE service. ZTNA has also been enhanced in terms of integrations with identity engines. A lot of small capabilities have also been added that help build ZTNA across the network, such as the enforcement now being the SASE as well as the virtual firewalls.”

Other enhancements include building out SD Branch to improve ROI, and. – continuing to enhance the fabric capability and network and security functions.

“We also have made enhancements around 5G, which are a really important part,” Maddison said. “In the platform piece we continue to build out the platform to enhance the Cybersecurity Mesh Architecture, where we are making a push.”

Maddison said that this is all very good news for partners.

“They can add a lot of value around security and architecture services,” he said. “We are a very partner-focused company. Some of the cloud vendors are now cutting the channel out completely because they are bleeding money. They don’t want to cut growth, so they cut out the channel to save money.”