FortiOS 7 Features I Am Excited About
HTML-код
- Опубликовано: 11 апр 2021
- Buy Hardware: bit.ly/2QZVeqh
Get Consulting: bit.ly/36FinSU
My Other Projects:
Office Of The CISO: bit.ly/3HGMH1o
Packet Llama: bit.ly/3SEX3H4
###### SOCIAL LINKS ######
Twitter: bit.ly/2WXiRAv
Facebook: bit.ly/3eigz4D
Instagram: bit.ly/3cZneAz
######################
1. Added new Application bandwidth widget
2. SSLVPN and IPSEC Monitoring Improvements
3. Rolling 7 day hit counters for policies
4. Passive WAN Health Management
5. Zero Trust Network Access (SSL Proxy connection means no more VPN)
6. NGFW App Control Groups in NGFW
7. Allowing multiple virtual wire pairs in a policy
8. FortiGate as an SSLVPN Client
9. Logging of execution of CLI commands
10. More Themes (including the old school ones)
11. Dynamic Routing Capabilities Improved In The GUI
Define multiple certificates in an SSL profile in replace mode is a killer feature, FINALLY we can protect a single SSL Server hosting multiple websites. SNI!!! I hope to fo to 7 when it will be very stable.
I'd love to see a video about setting up Zero Trust Network Access. I get the basic concept but I guess I don't understand what it "looks like" when it's setup.
Looking forward to the dynamic routing video!
Beard game is strong 💪. As always, solid video.
Thanks for the info, you had me laughing when you mentioned PTSD and the old green theme!
Thanks Mike, Always helpful.
Like the PTSD part. Waiting for more new features breakdown~~~
Hi Mike, Can you please make a video about this ZTNA? Specially explaining how it will work for SSL VPN
Migrating interfaces into Zones & SD-WAN is a nice QOL change :D
Literally spent my weekend doing this.
Whoever makes interfaces and doesn't put it in a zone before using it deserves a special place in hell
It would be very interesting to see about "Dynamic Routing Capabilities Improved In The GUI"
Fortinet support have been top-notch in my experience.
how much load that ssl vpn will put on the cpu tho? what if i have 10,000 users lol running forticlient + fortiauth?
Thanks for sharing this video. One thing more, would you please give more videos as lab one for SDWAN?
I have two ISP and they’re not use at same time, is there any way to use both of them?
yes, there is a way, you must create a SD-WAN rule and use the ISP that you have in the second position on the SD-WAN config and send some traffic for that Rule For example youtube traffic or file sharing traffic, that Rule will force traffic for both ISP, i had that issue and that was the way i Fix It.
Nice shirt and epic beard!
Do you know if FortiOS 7 will be mark as the LTS version ?
Is it possible to view the results of an uploaded script?
You didn't mention the built-in ACME client for Let's Encrypt certs! That's on the top of my list of favorite new features.
Very good point and it definitely should have made the list.
His shirt is relatable. My company paid Fortinet support because we had trouble with Android devices and DNS. Worked around it with DNS Database but I wanted a proper solution. The answer I got was: it's a known problem and my workaround the common solution :( I suspect Android's IPv6 preference, but IPv6 on fortigate is a mess in imho
Your T-Shirt 😂 our prod firewalls are suggesting we upgrade them to 7. Nah I don’t think so 😉
Can we buy that T-Shirt ?
I would also love to buy that shirt.
or happy to swap you with my official Fortinet polo or Riverbed polo
I wonder if someone else had issues with fortiswithces. I have an issue where I have a working cisco switch, and tried to replace it with an FS 548D switch, and the uplinks do not light up. I have replaced fiber parch cables, and sfp modules, but nothing seems to work. However the cisco unit has no issues with the same fiber, and same sfp modules.
Sounds like a faulty switch personally. Fortiswitches are rather accepting of sfps.
Do the interfaces show as down on each end?
Does the switch detect the sfps but just not bring up the connection? What firmware is your switch running?
@@imbergod5000 The switch detects the sfps, and not bringing the the connection up. FortiSwitch-548D-FPOE v6.2.1,build0176,190620
Its interest they put BGP configuration on the GUI, i think this show that more and more ISP's are choosing fortinet instead big names like huawei, juniper e cisco.
Maybe i wrong, buut that i think
I know a few IPS (all on the smaller size still) that are using fortigates now
Thanks for another great video.
"I stand by my creed of not moving forward with it until it's at least .4 or .5 of the release": That's hopefully 7.04 not 7.4, right?
Yes, he means 7.0.4 or 7.0.5.
That is correct. The 4th or 5th patch of the major release.
@@FortinetGuru Thanks - also to @Aglarend
Hi Mike, can i run it on a new install ?
Still risky and not recommend as there may be lots of unknown bugs.
For all my firewalls I need to be stable as possible I'm still running 6.0.12 on them.
At home I'm running 7.0 and it's fine.
The thing with a new install is it will come down to the complexity of your fortigate config.
If you going to have a very simple config and hardly use the box for all it's features then you will probably be fine .
If your new firewall is going to do any of the more complex stuff like, terminate multiple ipsec vpns, use vdoms and vlinks. dynamic routing, fabric connectors, fortiAPs (be a Wlc), HA, VIPs, or using the UTM features and deep inspection I would hold off going to 7.0 and wait till 7.1 at the earliest and obviously read the known issues on the release notes and confirm none of the features you want are effected
I tried out OS 7 on my FG60E and I broke my fortiAP 224D access points. After upgrading and downgrading twice I decided that it was the firmware not my access point. Anyone else have issues with access point compatibility? Maybe my stuff is just too old. lol
Is the AP on latest firmware?
@@FortinetGuru yes it is.
Sounds like a LAME bug that the .0 release has brought.
I need the fortios 7.0 image for eve Ng, could you give that image?
LAB up Fortinet ZTNA , with real time scenario
Fo sho. That’s a goal
u need to use mic. my Acer Nitro volume already set to max but ur voice still soft
Such is life LOL
test2block
test
Fortinet is not capable to block VPNs and have worst support team.
Which VPN ?
@@afdadfasfafdsa PSIPhone and some others. In logs it will show u blocked in reality vpn is not blocked
@@ccieengineer2990 give me a list of the vpns please, I really want to lab this.
What firmware are you running? Application control has come a long way in the recent 6.2 and 6.4 releases