Fortinet black logo

Concept Guide

Home FortiSASE Concept Guide

SASE components

SASE components

Secure access service edge (SASE) relies on a variety of network security technologies as SASE architecture components. This section explores these components:

Firewall-as-a-service

Firewall-as-a-service (FWaaS) is a firewall solution delivered as a cloud-based service that can scale and have new services provisioned to it to meet expanding and changing needs. Essentially, a FWaaS is a location-independent perimeter firewall for secure access. It provides next-generation firewall (NGFW) capabilities like web filtering, advanced threat protection, intrusion prevention system, and domain name system (DNS) security.

SWG

Secure web gateway (SWG) is a web gateway or proxy solution that forwards or proxies a user’s web-based traffic to a web gateway or proxy server that applies web filtering, DNS security, antivirus, antimalware, antibotnet, SSL inspection, and data loss prevention functions to the traffic before sending it to the internet.

ZTNA

Zero trust network access (ZTNA) is a solution that protects applications by allowing only trusted entities access to the application. Therefore, you can use ZTNA as an alternative to VPN for accessing protected resources on an organization’s network.

For explanation of ZTNA concepts, see the ZTNA Concept Guide.

CASB

Cloud access security broker (CASB) is a software or hardware solution that is located between users and a cloud service to enforce security policies around cloud-based resources. You can consider CASB a subset of ZTNA.

SD-WAN

Software defined wide-area network (SD-WAN) is a software-defined approach to managing WANs, providing link redundancy and load balancing, and using intelligence to route traffic based on defined performance and business priorities. You typically deploy SD-WAN at the branch or remote office level by using a router or NGFW device to optimize on-net users’ access to the internet. You can also implement SD-WAN from within the cloud-delivered service and offered as a service. This is analogous to private networks that WAN service providers provide using multiprotocol label switching, providing optimized connectivity to other cloud services or as-a-service applications.

For information on SD-WAN concepts, see the SD-WAN / SD-Branch Concept Guide.

Previous
Next

SASE components

Secure access service edge (SASE) relies on a variety of network security technologies as SASE architecture components. This section explores these components:

Firewall-as-a-service

Firewall-as-a-service (FWaaS) is a firewall solution delivered as a cloud-based service that can scale and have new services provisioned to it to meet expanding and changing needs. Essentially, a FWaaS is a location-independent perimeter firewall for secure access. It provides next-generation firewall (NGFW) capabilities like web filtering, advanced threat protection, intrusion prevention system, and domain name system (DNS) security.

SWG

Secure web gateway (SWG) is a web gateway or proxy solution that forwards or proxies a user’s web-based traffic to a web gateway or proxy server that applies web filtering, DNS security, antivirus, antimalware, antibotnet, SSL inspection, and data loss prevention functions to the traffic before sending it to the internet.

ZTNA

Zero trust network access (ZTNA) is a solution that protects applications by allowing only trusted entities access to the application. Therefore, you can use ZTNA as an alternative to VPN for accessing protected resources on an organization’s network.

For explanation of ZTNA concepts, see the ZTNA Concept Guide.

CASB

Cloud access security broker (CASB) is a software or hardware solution that is located between users and a cloud service to enforce security policies around cloud-based resources. You can consider CASB a subset of ZTNA.

SD-WAN

Software defined wide-area network (SD-WAN) is a software-defined approach to managing WANs, providing link redundancy and load balancing, and using intelligence to route traffic based on defined performance and business priorities. You typically deploy SD-WAN at the branch or remote office level by using a router or NGFW device to optimize on-net users’ access to the internet. You can also implement SD-WAN from within the cloud-delivered service and offered as a service. This is analogous to private networks that WAN service providers provide using multiprotocol label switching, providing optimized connectivity to other cloud services or as-a-service applications.

For information on SD-WAN concepts, see the SD-WAN / SD-Branch Concept Guide.

Previous
Next