Fortinet black logo

Administration Guide

Home FortiSASE Administration Guide

Introduction

Introduction

FortiSASE is a software-as-a-cloud-delivered service that allows clients to securely access the internet with the protection from FortiOS. With FortiSASE, you can ensure to protect remote off-net endpoints and users with the same security policies as when they are on-net, no matter their location. The service is available through a subscription based on the number of users.

FortiSASE works with various FortiCloud services in the background to deliver a seamless service for securing your internet access.

In terms of security, FortiSASE offers the following features to protect clients:

  • Antivirus
  • Web Filter
  • Intrusion prevention
  • File filter
  • Data loss prevention
  • Application control
  • SSL inspection

Security features are customizable and offer many familiar settings as you would see on a FortiGate.

Following are examples of common FortiSASE use cases:

FortiSASE component

Use case

Description

Secure internet access (SIA)

Agent-based remote user internet access

Secure access to the internet using FortiClient agent

Agentless remote user internet access

Secure access to the internet using FortiSASE secure web gateway (SWG)

Site-based remote user internet access using FortiExtender

Secure access to the internet using FortiExtender device as FortiSASE LAN extension

Site-based remote user internet access using FortiAP

Secure access to the internet using FortiAP edge device that FortiSASE manages

Secure private access (SPA)

Zero trust network access (ZTNA) private access

Access to private company-hosted TCP-based applications behind the FortiGate ZTNA application gateway for various ZTNA use cases. This access method allows for a direct (shortest) path to private resources.

SD-WAN private access

Access to private company-hosted applications behind the FortiGate SD-WAN hub-and-spoke network. This access method extends private access for TCP- and UDP-based applications and offers data center redundancy.

Next generation firewall (NGFW) private access

Access to private company-hosted applications behind the FortiGate NGFW. This use case extends private access for UDP-based applications and agentless remote users.

Secure SaaS access

FortiCASB SaaS access

Access to SaaS applications using FortiCASB Cloud/API

FortiSASE Inline-CASB

Access control to SaaS applications using FortiSASE inline-CASB and SSL deep inspection on endpoint

SIA and SPA

Site-based remote users using FortiGate SD-WAN as a secure edge

Secure access to the internet using FortiGate as FortiSASE LAN extension

For details on these FortiSASE use cases, see the 4-D FortiSASE Architecture Guide.

For details on the deployment process, see FortiSASE Cloud Deployment.

User provisioning is made simple, whether you are creating local users in bulk, integrating users from your Active Directory or LDAP server, or integrating with SAML authentication. You can also easily group your users to apply similar VPN or SWG policies.

See Service Organization Controls (SOC2) compliance standard.

Previous
Next

Introduction

FortiSASE is a software-as-a-cloud-delivered service that allows clients to securely access the internet with the protection from FortiOS. With FortiSASE, you can ensure to protect remote off-net endpoints and users with the same security policies as when they are on-net, no matter their location. The service is available through a subscription based on the number of users.

FortiSASE works with various FortiCloud services in the background to deliver a seamless service for securing your internet access.

In terms of security, FortiSASE offers the following features to protect clients:

  • Antivirus
  • Web Filter
  • Intrusion prevention
  • File filter
  • Data loss prevention
  • Application control
  • SSL inspection

Security features are customizable and offer many familiar settings as you would see on a FortiGate.

Following are examples of common FortiSASE use cases:

FortiSASE component

Use case

Description

Secure internet access (SIA)

Agent-based remote user internet access

Secure access to the internet using FortiClient agent

Agentless remote user internet access

Secure access to the internet using FortiSASE secure web gateway (SWG)

Site-based remote user internet access using FortiExtender

Secure access to the internet using FortiExtender device as FortiSASE LAN extension

Site-based remote user internet access using FortiAP

Secure access to the internet using FortiAP edge device that FortiSASE manages

Secure private access (SPA)

Zero trust network access (ZTNA) private access

Access to private company-hosted TCP-based applications behind the FortiGate ZTNA application gateway for various ZTNA use cases. This access method allows for a direct (shortest) path to private resources.

SD-WAN private access

Access to private company-hosted applications behind the FortiGate SD-WAN hub-and-spoke network. This access method extends private access for TCP- and UDP-based applications and offers data center redundancy.

Next generation firewall (NGFW) private access

Access to private company-hosted applications behind the FortiGate NGFW. This use case extends private access for UDP-based applications and agentless remote users.

Secure SaaS access

FortiCASB SaaS access

Access to SaaS applications using FortiCASB Cloud/API

FortiSASE Inline-CASB

Access control to SaaS applications using FortiSASE inline-CASB and SSL deep inspection on endpoint

SIA and SPA

Site-based remote users using FortiGate SD-WAN as a secure edge

Secure access to the internet using FortiGate as FortiSASE LAN extension

For details on these FortiSASE use cases, see the 4-D FortiSASE Architecture Guide.

For details on the deployment process, see FortiSASE Cloud Deployment.

User provisioning is made simple, whether you are creating local users in bulk, integrating users from your Active Directory or LDAP server, or integrating with SAML authentication. You can also easily group your users to apply similar VPN or SWG policies.

See Service Organization Controls (SOC2) compliance standard.

Previous
Next