Fortinet black logo

Administration Guide

Home FortiSASE Administration Guide

Network restrictions removed

Network restrictions removed

FortiSASE includes support for removing network restrictions.

The following networks are available for your network configuration:

  • 10.8.0.0/16
  • 10.16.0.0/16
  • 100.64.0.0/10 (except 100.65.0.0/16)
  • 172.16.0.0/12
  • 192.168.0.0/16

For new FortiSASE instances, support for removing network restrictions is enabled by default. For existing FortiSASE instances, you must request support for removing network restrictions by creating a new FortiCare ticket.

Note

With the requested network restrictions removed, FortiSASE can connect to DNS, RADIUS, or LDAP servers with internal IP addresses or FQDNs if you set Access Type to Private in the RADIUS or LDAP server settings, internal servers are located behind a secure private access (SPA) hub, and the SPA hub in FortiSASE has been configured with BGP per overlay.

When the FortiSASE Endpoint Management Service uses LDAP servers with AD Users & Groups for endpoint profile assignments, these servers must use public IP addresses or publicly accessible FQDNs with Access Type set to Public in the LDAP server settings and may require some configuration or topology changes.
Previous
Next

Network restrictions removed

FortiSASE includes support for removing network restrictions.

The following networks are available for your network configuration:

  • 10.8.0.0/16
  • 10.16.0.0/16
  • 100.64.0.0/10 (except 100.65.0.0/16)
  • 172.16.0.0/12
  • 192.168.0.0/16

For new FortiSASE instances, support for removing network restrictions is enabled by default. For existing FortiSASE instances, you must request support for removing network restrictions by creating a new FortiCare ticket.

Note

With the requested network restrictions removed, FortiSASE can connect to DNS, RADIUS, or LDAP servers with internal IP addresses or FQDNs if you set Access Type to Private in the RADIUS or LDAP server settings, internal servers are located behind a secure private access (SPA) hub, and the SPA hub in FortiSASE has been configured with BGP per overlay.

When the FortiSASE Endpoint Management Service uses LDAP servers with AD Users & Groups for endpoint profile assignments, these servers must use public IP addresses or publicly accessible FQDNs with Access Type set to Public in the LDAP server settings and may require some configuration or topology changes.
Previous
Next