Fortinet black logo

Common FortiSASE use cases

Copy Link
Copy Doc ID 90c0ddd8-c520-11ee-8c42-fa163e15d75b:891466
Download PDF

Common FortiSASE use cases

With FortiSASE, remote users (agent-based, agentless, and site-based) form secure connections to the Internet, data center, and cloud by accessing global FortiSASE security points of presence, which enforce an organization’s security policies regardless of remote users' locations.

Following are examples of common FortiSASE use cases:

FortiSASE component

Use case

Description

Secure Internet access (SIA)

Agent-based remote user Internet access

Secure access to the Internet using FortiClient agent

Agentless remote user Internet access

Secure access to the Internet using FortiSASE secure web gateway (SWG)

Site-based remote user Internet access using FortiExtender

Secure access to the Internet using FortiExtender device as FortiSASE LAN extension

Site-based remote user Internet access using FortiAP

Secure access to the Internet using FortiAP edge device that FortiSASE manages

Secure private access (SPA)

Zero trust network access (ZTNA) private access

Access to private company-hosted TCP-based applications behind the FortiGate ZTNA application gateway for various ZTNA use cases. This access method allows for a direct (shortest) path to private resources.

SD-WAN private access

Access to private company-hosted applications behind the FortiGate SD-WAN hub-and-spoke network. This access method extends private access for TCP- and UDP-based applications and offers data center redundancy.

Next generation firewall (NGFW) private access

Access to private company-hosted applications behind the FortiGate NGFW. This use case extends private access for UDP-based applications and agentless remote users.

Secure SaaS access

FortiCASB SaaS access

Access to SaaS applications using FortiCASB Cloud/API

FortiSASE Inline-CASB

Access control to SaaS applications using FortiSASE inline-CASB and SSL deep inspection on endpoint

SIA and SPA

Site-based remote users using FortiGate SD-WAN as a secure edge

Secure access to the Internet using FortiGate as FortiSASE LAN extension

Following is an example architecture of FortiSASE that incorporates all mentioned use cases:

Audience

Midlevel network and security architects in companies of all sizes and verticals should find this guide helpful.

About this guide

The guide is meant to provide high level insight into FortiSASE architectures for different secure access service edge use cases. You are meant to use this guide in conjunction with other technical documentation for each component that the guide lists. Where relevant, the guide lists links to the administrative guides and other technical reference guides. See More information.

For comments and feedback about this document, visit the SASE Architecture Guide for Enterprise on community.fortinet.com.

Common FortiSASE use cases

With FortiSASE, remote users (agent-based, agentless, and site-based) form secure connections to the Internet, data center, and cloud by accessing global FortiSASE security points of presence, which enforce an organization’s security policies regardless of remote users' locations.

Following are examples of common FortiSASE use cases:

FortiSASE component

Use case

Description

Secure Internet access (SIA)

Agent-based remote user Internet access

Secure access to the Internet using FortiClient agent

Agentless remote user Internet access

Secure access to the Internet using FortiSASE secure web gateway (SWG)

Site-based remote user Internet access using FortiExtender

Secure access to the Internet using FortiExtender device as FortiSASE LAN extension

Site-based remote user Internet access using FortiAP

Secure access to the Internet using FortiAP edge device that FortiSASE manages

Secure private access (SPA)

Zero trust network access (ZTNA) private access

Access to private company-hosted TCP-based applications behind the FortiGate ZTNA application gateway for various ZTNA use cases. This access method allows for a direct (shortest) path to private resources.

SD-WAN private access

Access to private company-hosted applications behind the FortiGate SD-WAN hub-and-spoke network. This access method extends private access for TCP- and UDP-based applications and offers data center redundancy.

Next generation firewall (NGFW) private access

Access to private company-hosted applications behind the FortiGate NGFW. This use case extends private access for UDP-based applications and agentless remote users.

Secure SaaS access

FortiCASB SaaS access

Access to SaaS applications using FortiCASB Cloud/API

FortiSASE Inline-CASB

Access control to SaaS applications using FortiSASE inline-CASB and SSL deep inspection on endpoint

SIA and SPA

Site-based remote users using FortiGate SD-WAN as a secure edge

Secure access to the Internet using FortiGate as FortiSASE LAN extension

Following is an example architecture of FortiSASE that incorporates all mentioned use cases:

Audience

Midlevel network and security architects in companies of all sizes and verticals should find this guide helpful.

About this guide

The guide is meant to provide high level insight into FortiSASE architectures for different secure access service edge use cases. You are meant to use this guide in conjunction with other technical documentation for each component that the guide lists. Where relevant, the guide lists links to the administrative guides and other technical reference guides. See More information.

For comments and feedback about this document, visit the SASE Architecture Guide for Enterprise on community.fortinet.com.