SPA

Secure private access (SPA) secures FortiSASE remote user access to private company-hosted applications that a FortiGate next-generation firewall (NGFW) protects.

SPA using zero trust network access (ZTNA) secures private TCP-based applications, namely, leveraging FortiSASE integration with the FortiGate ZTNA access proxy. This use case offers a direct (shortest) path to private resources and per-session user authentication thus offering greater performance and security.

For securing private TCP-based and UDP-based applications, FortiSASE supports SPA using SD-WAN or SPA using an NGFW converted to a standalone FortiSASE SPA hub.

FortiSASE security points of presence and the organization’s FortiGate hubs form a traditional hub-and-spoke topology that supports the Fortinet autodiscovery VPN (ADVPN) configuration. ADVPN is an IPsec technology that allows a traditional hub-and-spoke VPN’s spokes to establish dynamic, on-demand, direct tunnels, known as shortcut tunnels, between each other to avoid routing through the topology's hub device.