FortiOS 8.0 is the most significant FortiGate firmware release in years, and most of what is new is aimed squarely at the problems Canadian IT teams are dealing with right now: generative AI traffic they cannot see, the looming shift to quantum-safe encryption, and ZTNA rollouts that were harder to configure than they needed to be. This post breaks down what is actually new in FortiOS 8.0, what each feature means in practice, and how to think about upgrading the FortiGate firewalls already on your network.
The headline addition in FortiOS 8.0 is application control support for generative AI and large language model protocols, including Model Context Protocol (MCP) and Agent-to-Agent (A2A). Until now, AI traffic mostly hid inside ordinary HTTPS and was invisible to policy. FortiOS 8.0 lets your FortiGate recognize and govern that traffic directly, so you can decide which AI tools and agent workflows are allowed, log how they are used, and stop sensitive data from leaking into a public model. If governing AI usage is on your roadmap, this is the feature that makes it enforceable at the network edge. We cover the configuration side in our guide to protecting GenAI with FortiGate Application Control.
FortiOS 8.0 upgrades several modules to support quantum-safe algorithms, including agentless VPN, the management interface over SSH and the GUI, IPsec VPN, and even SSL deep inspection. The threat here is “harvest now, decrypt later,” where an attacker captures encrypted traffic today and decrypts it once quantum computing matures. Building post-quantum cryptography into the firewall now means the FortiGate you deploy today is positioned for that transition rather than needing a forklift upgrade later.
Data Loss Prevention in FortiOS 8.0 gains Optical Character Recognition, so the firewall can scan images for sensitive information such as credit card numbers and other PII. Screenshots and photographed documents have long been a blind spot for DLP. OCR closes that gap, which matters for any organization handling cardholder data or personal information under Canadian privacy obligations.
The Cloud Access Security Broker database grows to more than 2,700 recognized SaaS applications, and a new classification framework lets administrators mark applications or whole categories as sanctioned or unsanctioned, with FortiView reporting to match. That turns shadow IT from a guessing game into a managed policy: you decide what is approved, and the FortiGate shows you who is using what.
FortiOS 8.0 introduces meaningful configuration simplification and modularization for Zero Trust Network Access. Objects are decoupled so they can be combined in different ways within a ZTNA policy, which reduces the setup friction that slowed earlier ZTNA projects. If a previous ZTNA attempt stalled on complexity, 8.0 is a good reason to revisit it.
FortiOS 8.0 runs on current-generation FortiGate hardware, so the practical question is whether your appliance is on a supported platform and sized for the inspection you want to enable. Newer G-series models such as the FortiGate 91G and FortiGate 121G have the headroom to turn on GenAI control, deep inspection, and DLP together without choking throughput. You can compare the full lineup on our FortiGate firewalls page, and if you would rather not manage upgrades and policy yourself, our managed security services cover firmware, tuning, and monitoring for you.
Application control for generative AI and LLM protocols like MCP and A2A. It lets a FortiGate see and govern AI traffic that previously hid inside ordinary encrypted sessions.
Yes. Quantum-safe algorithms are supported across agentless VPN, IPsec VPN, the SSH and GUI management interfaces, and SSL deep inspection.
It depends on the model and its support status. Current-generation FortiGates are supported; older appliances may not be. Contact DataCenter360.ca and we will confirm your platform.
Tell us your model and traffic. We confirm support, size the appliance, and quote, usually same day.