Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiGate / FortiOS 7.6.6 Administration Guide
    7.6.6
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.0

    FortiSASE-Sovereign NEW

    FortiSASE-Sovereign NEW

    FortiSASE-Sovereign is Fortinet’s sovereign SASE solution that offers a turnkey, private SASE service that ensures data remains within designated jurisdictions, while giving its customers complete control over their deployment locations, features, and infrastructure. See the FortiSASE-Sovereign Architecture Guide for more information.

    FortiOS 7.6.5 and later supports FortiSASE-Sovereign licensing bundles for the FortiGate 91G and 901G devices.

    After applying the FortiSASE-Sovereign license in FortiOS, the following restrictions apply:

    • The Policy & Objects pane is restricted in the GUI, and the config firewall command is restricted in the CLI.

    • The restore option is restricted in the GUI, and the exec restore command is restricted in the CLI.

    With the FortiSASE-Sovereign license installed and activated, go to the FortiSASE-Sovereign portal to complete the onboarding process. See Log on to FortiSASE-Sovereign for more information. Completion of the FortiSASE-Sovereign onboarding process enables sovereign SASE in FortiOS and further restricts the FortiOS GUI and CLI:

    • All administrator sessions are logged out of FortiOS.

    • The Network Interfaces pane becomes read-only in the GUI.

    • Configurations can no longer be restored to FortiOS using the GUI and CLI.

    After applying the license and completing the FortiSASE-Sovereign onboarding process, use FortiSASE-Sovereign to manage FortiGate configurations.

    Note

    Do not manually enable sovereign SASE in FortiOS because it will cause the FortiSASE-Sovereign onboarding process to fail.

    config system sov-sase
    set status enable
end

    Enabling FortiSASE-Sovereign

    To enable FortiSASE-Sovereign in the GUI:

    1. In FortiOS, apply the FortiSASE-Sovereign license.

    2. Verify the license is activated by going to System > FortiGuard to see the Fortinet Sovereign SASE license status.

    3. In the FortiSASE-Sovereign portal, complete the onboarding process. See Log on to FortiSASE-Sovereign for more information.

      The onboarding process enables sovereign SASE on FortiOS.

      All admin sessions are logged out of FortiOS, and a confirmation dialog box is displayed:

    4. In FortiOS, click Confirm.

      The FortiOS GUI and CLI become restricted.

    5. Use FortiSASE-Sovereign portal for FortiGate configuration.

    To enable FortiSASE-Sovereign in the CLI:

    1. In FortiOS, apply the FortiSASE-Sovereign license.

    2. In the FortiSASE-Sovereign portal, complete the onboarding process. See Log on to FortiSASE-Sovereign for more information.

      The onboarding process enables sovereign SASE on FortiOS.

      config system sov-sase
    set status enable
end

      All admin sessions are logged out of FortiOS, and the CLI becomes read-only, except for the following commands:

      config system cloud-service
config system sdn-vpn
config system sov-sase

    Disabling FortiSASE-Sovereign

    Disabling sovereign SASE forces a factory reset of the FortiGate.

    To disable FortiSASE-Sovereign:
    config system sov-sase
    set status disable
end
Sovereign SASE status will be disabled and the system will be reset to factory default state.
Do you want to continue?
    Previous
    Next

    FortiSASE-Sovereign NEW

    FortiSASE-Sovereign NEW

    FortiSASE-Sovereign is Fortinet’s sovereign SASE solution that offers a turnkey, private SASE service that ensures data remains within designated jurisdictions, while giving its customers complete control over their deployment locations, features, and infrastructure. See the FortiSASE-Sovereign Architecture Guide for more information.

    FortiOS 7.6.5 and later supports FortiSASE-Sovereign licensing bundles for the FortiGate 91G and 901G devices.

    After applying the FortiSASE-Sovereign license in FortiOS, the following restrictions apply:

    • The Policy & Objects pane is restricted in the GUI, and the config firewall command is restricted in the CLI.

    • The restore option is restricted in the GUI, and the exec restore command is restricted in the CLI.

    With the FortiSASE-Sovereign license installed and activated, go to the FortiSASE-Sovereign portal to complete the onboarding process. See Log on to FortiSASE-Sovereign for more information. Completion of the FortiSASE-Sovereign onboarding process enables sovereign SASE in FortiOS and further restricts the FortiOS GUI and CLI:

    • All administrator sessions are logged out of FortiOS.

    • The Network Interfaces pane becomes read-only in the GUI.

    • Configurations can no longer be restored to FortiOS using the GUI and CLI.

    After applying the license and completing the FortiSASE-Sovereign onboarding process, use FortiSASE-Sovereign to manage FortiGate configurations.

    Note

    Do not manually enable sovereign SASE in FortiOS because it will cause the FortiSASE-Sovereign onboarding process to fail.

    config system sov-sase
    set status enable
end

    Enabling FortiSASE-Sovereign

    To enable FortiSASE-Sovereign in the GUI:

    1. In FortiOS, apply the FortiSASE-Sovereign license.

    2. Verify the license is activated by going to System > FortiGuard to see the Fortinet Sovereign SASE license status.

    3. In the FortiSASE-Sovereign portal, complete the onboarding process. See Log on to FortiSASE-Sovereign for more information.

      The onboarding process enables sovereign SASE on FortiOS.

      All admin sessions are logged out of FortiOS, and a confirmation dialog box is displayed:

    4. In FortiOS, click Confirm.

      The FortiOS GUI and CLI become restricted.

    5. Use FortiSASE-Sovereign portal for FortiGate configuration.

    To enable FortiSASE-Sovereign in the CLI:

    1. In FortiOS, apply the FortiSASE-Sovereign license.

    2. In the FortiSASE-Sovereign portal, complete the onboarding process. See Log on to FortiSASE-Sovereign for more information.

      The onboarding process enables sovereign SASE on FortiOS.

      config system sov-sase
    set status enable
end

      All admin sessions are logged out of FortiOS, and the CLI becomes read-only, except for the following commands:

      config system cloud-service
config system sdn-vpn
config system sov-sase

    Disabling FortiSASE-Sovereign

    Disabling sovereign SASE forces a factory reset of the FortiGate.

    To disable FortiSASE-Sovereign:
    config system sov-sase
    set status disable
end
Sovereign SASE status will be disabled and the system will be reset to factory default state.
Do you want to continue?
    Previous
    Next