Fortinet black logo

Version:


Table of Contents

23.3.25
Download PDF
Copy Doc ID c177e43d-4d9b-11ee-8e6d-fa163e15d75b:308001
Copy Link

SIA

Secure Internet Access (SIA) extends an organization’s security perimeter that a next generation firewall typically achieves to remote users by enforcing common security policy for the following:

  • Intrusion Prevention Systems
  • Application Control
  • Web and DNS filtering
  • Antimalware
  • Sandboxing
  • Antibotnet/Command and Control

The most common SIA use cases for FortiSASE are:

Use case

Description

Agent-based remote user Internet access

Remote users on supported endpoint devices can use FortiClient software to establish secure connections via SSL VPN to the FortiSASE firewall as a service. Since FortiClient software must be installed on the endpoint, this use case is described as agent-based, which is also known as endpoint mode.

Agentless remote user Internet access

Low-end devices, operational technology devices, or browser-only solutions such as Chromebooks use a proxy autoconfiguration file or proxy settings to securely proxy Internet traffic through FortiSASE secure web gateway (SWG). Since FortiSASE can achieve this connectivity without agent-based software, this use case is described as agentless, which is also known as SWG mode or explicit proxy.

Site-based remote user Internet access

Branch offices can use a thin-edge device such as FortiExtender or a secure edge device such as a FortiGate SD-WAN device to establish secure connections to the FortiSASE platform where these Fortinet devices act as FortiSASE LAN extension devices. Since all user devices and endpoints configured for Internet access through the FortiExtender or the FortiGate redirect its Internet traffic to FortiSASE, these use cases are described as site-based.

SIA

Secure Internet Access (SIA) extends an organization’s security perimeter that a next generation firewall typically achieves to remote users by enforcing common security policy for the following:

  • Intrusion Prevention Systems
  • Application Control
  • Web and DNS filtering
  • Antimalware
  • Sandboxing
  • Antibotnet/Command and Control

The most common SIA use cases for FortiSASE are:

Use case

Description

Agent-based remote user Internet access

Remote users on supported endpoint devices can use FortiClient software to establish secure connections via SSL VPN to the FortiSASE firewall as a service. Since FortiClient software must be installed on the endpoint, this use case is described as agent-based, which is also known as endpoint mode.

Agentless remote user Internet access

Low-end devices, operational technology devices, or browser-only solutions such as Chromebooks use a proxy autoconfiguration file or proxy settings to securely proxy Internet traffic through FortiSASE secure web gateway (SWG). Since FortiSASE can achieve this connectivity without agent-based software, this use case is described as agentless, which is also known as SWG mode or explicit proxy.

Site-based remote user Internet access

Branch offices can use a thin-edge device such as FortiExtender or a secure edge device such as a FortiGate SD-WAN device to establish secure connections to the FortiSASE platform where these Fortinet devices act as FortiSASE LAN extension devices. Since all user devices and endpoints configured for Internet access through the FortiExtender or the FortiGate redirect its Internet traffic to FortiSASE, these use cases are described as site-based.