Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.4.10
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    User Guide

    7.4.10
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.3.8
    5.3.7
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.0
    5.2.0
    4.1.0

    Configuring an inline CASB profile

    Configuring an inline CASB profile

    Use an inline CASB security profile to enable granular control over SaaS applications in firewall policies.

    To create or edit an inline CASB profile:

    1. Go to Security > Firewall Objects.

    2. Select Inline CASB from the Security Profiles dropdown.

    3. Click Create or select an existing profile from the list and click Edit.

    4. Enter a Name for the profile.

    5. Optionally, enter Comments.

    6. In SaaS Applications, click Create and enter the following information:

      Settings Guidelines

      Application

      		 Select the SaaS Application.

      Privilege Control

      Specify the action to take for each available application activity.

      Custom Control

      Optionally, Configure custom controls for this application as needed. See Creating custom application controls.

    7. Click Save.

    8. Enter other SaaS Applications as needed and then click Save.

    Creating custom application controls

    Create custom controls to perform actions on applications that are not defined by default.

    To create a custom control for an application:

    1. In Custom Control, click Create.

    2. Configure the following settings:

      Settings Guidelines

      Name

      		 Enter a name for this control.

      Apply when HTTP packet matches

      Select from the matching method from the following:

      • All of the following.

      • Any of the following.

      URL Domain

      Enable or disable matching on the domain the URL, then enter the domain.

      URL Path

      Enable or disable matching on the URL path, then enter the path.

      Headers

      Enable or disable matching on the headers, then enter the headers.

      Header Value

      Enable or disable matching on a header value, then enter the value.

    3. In Application-Defined Controls, click Create and enter the following information:

      Settings Guidelines

      Name

      		 Enter a name for this control action.

      Control type

      Select from the matching method from the following:

      • Body.
      • Edit URL path.
      • Manipulate HTTP headers.

      URL Domain

      Enable or disable matching on the domain the URL, then enter the domain.

      URL Path

      Enable or disable matching on the URL path, then enter the path.

      Headers

      Enable or disable matching on the headers, then enter the headers.

      Header name

      Enter the header name to change.

      This option is only available when Control Type is Manipulate HTTP headers.

      Header Value

      Enter the header value.

      This option is only available when Control Type is Body or Manipulate HTTP headers.

      Action

      Select the path or header edit action.

      This option is only available when Control Type is Edit URL path or Manipulate HTTP headers.

      Path

      Enter the path to modify.

      Value

      Enter the new value.

    4. Click Save.

    5. Enter any additional Application-Defined Controls as needed, then click Save.

    Previous
    Next

    Configuring an inline CASB profile

    Configuring an inline CASB profile

    Use an inline CASB security profile to enable granular control over SaaS applications in firewall policies.

    To create or edit an inline CASB profile:

    1. Go to Security > Firewall Objects.

    2. Select Inline CASB from the Security Profiles dropdown.

    3. Click Create or select an existing profile from the list and click Edit.

    4. Enter a Name for the profile.

    5. Optionally, enter Comments.

    6. In SaaS Applications, click Create and enter the following information:

      Settings Guidelines

      Application

      		 Select the SaaS Application.

      Privilege Control

      Specify the action to take for each available application activity.

      Custom Control

      Optionally, Configure custom controls for this application as needed. See Creating custom application controls.

    7. Click Save.

    8. Enter other SaaS Applications as needed and then click Save.

    Creating custom application controls

    Create custom controls to perform actions on applications that are not defined by default.

    To create a custom control for an application:

    1. In Custom Control, click Create.

    2. Configure the following settings:

      Settings Guidelines

      Name

      		 Enter a name for this control.

      Apply when HTTP packet matches

      Select from the matching method from the following:

      • All of the following.

      • Any of the following.

      URL Domain

      Enable or disable matching on the domain the URL, then enter the domain.

      URL Path

      Enable or disable matching on the URL path, then enter the path.

      Headers

      Enable or disable matching on the headers, then enter the headers.

      Header Value

      Enable or disable matching on a header value, then enter the value.

    3. In Application-Defined Controls, click Create and enter the following information:

      Settings Guidelines

      Name

      		 Enter a name for this control action.

      Control type

      Select from the matching method from the following:

      • Body.
      • Edit URL path.
      • Manipulate HTTP headers.

      URL Domain

      Enable or disable matching on the domain the URL, then enter the domain.

      URL Path

      Enable or disable matching on the URL path, then enter the path.

      Headers

      Enable or disable matching on the headers, then enter the headers.

      Header name

      Enter the header name to change.

      This option is only available when Control Type is Manipulate HTTP headers.

      Header Value

      Enter the header value.

      This option is only available when Control Type is Body or Manipulate HTTP headers.

      Action

      Select the path or header edit action.

      This option is only available when Control Type is Edit URL path or Manipulate HTTP headers.

      Path

      Enter the path to modify.

      Value

      Enter the new value.

    4. Click Save.

    5. Enter any additional Application-Defined Controls as needed, then click Save.

    Previous
    Next