Fortinet black logo

Administration Guide

Home FortiSASE Administration Guide

FortiGate

FortiGate

Note

FortiGate SD-WAN as a secure edge is a controlled General Availability feature that requires a separate FortiSASE subscription license per FortiGate. All FortiGate F-series and G-series desktop platforms running FortiOS 7.4.2 and above are capable of supporting FortiSASE Secure Edge connectivity.

Contact your Fortinet Sales/Partner representative to purchase a FortiSASE subscription license for each FortiGate.

You can configure a FortiGate SD-WAN device as a FortiSASE LAN extension, also known as a FortiGate Secure Edge, by setting up a VXLAN-over-IPsec tunnel between the FortiGate and FortiSASE. This creates a layer 2 network between FortiSASE and the network behind the remote FortiGate. In this use case, because the FortiGate is responsible for centralizing its remote users’ site connectivity to the FortiSASE firewall-as-a-service (FWaaS), the endpoints only need to be configured in their IP settings to forward traffic to the FortiGate as the default gateway.

Therefore, for this use case, individual workstation or device setup is minimized because FortiClient does not need to be installed on endpoints and web browser-based endpoint do not require explicit web proxy settings to be configured.

Previous
Next

FortiGate

Note

FortiGate SD-WAN as a secure edge is a controlled General Availability feature that requires a separate FortiSASE subscription license per FortiGate. All FortiGate F-series and G-series desktop platforms running FortiOS 7.4.2 and above are capable of supporting FortiSASE Secure Edge connectivity.

Contact your Fortinet Sales/Partner representative to purchase a FortiSASE subscription license for each FortiGate.

You can configure a FortiGate SD-WAN device as a FortiSASE LAN extension, also known as a FortiGate Secure Edge, by setting up a VXLAN-over-IPsec tunnel between the FortiGate and FortiSASE. This creates a layer 2 network between FortiSASE and the network behind the remote FortiGate. In this use case, because the FortiGate is responsible for centralizing its remote users’ site connectivity to the FortiSASE firewall-as-a-service (FWaaS), the endpoints only need to be configured in their IP settings to forward traffic to the FortiGate as the default gateway.

Therefore, for this use case, individual workstation or device setup is minimized because FortiClient does not need to be installed on endpoints and web browser-based endpoint do not require explicit web proxy settings to be configured.

Previous
Next