Introduction
FortiSASE is a software-as-a-cloud-delivered service that allows clients to securely access the internet with the protection from FortiOS. With FortiSASE, you can ensure to protect remote off-net endpoints and users with the same security policies as when they are on-net, no matter their location. The service is available through a subscription based on the number of users.
FortiSASE works with various FortiCloud services in the background to deliver a seamless service for securing your internet access.
In terms of security, FortiSASE offers the following features to protect clients:
- Antivirus
- Web Filter
- Intrusion prevention
- File filter
- Data loss prevention
- Application control
- SSL inspection
Security features are customizable and offer many familiar settings as you would see on a FortiGate.
Following are examples of common FortiSASE use cases:
FortiSASE component |
Use case |
Description |
---|---|---|
Secure internet access (SIA)
|
Agent-based remote user internet access |
Secure access to the internet using FortiClient agent |
Agentless remote user internet access |
Secure access to the internet using FortiSASE secure web gateway (SWG) |
|
Site-based remote user internet access using FortiExtender |
Secure access to the internet using FortiExtender device as FortiSASE LAN extension |
|
Site-based remote user internet access using FortiAP |
Secure access to the internet using FortiAP edge device that FortiSASE manages |
|
Secure private access (SPA) |
Zero trust network access (ZTNA) private access |
Access to private company-hosted TCP-based applications behind the FortiGate ZTNA application gateway for various ZTNA use cases. This access method allows for a direct (shortest) path to private resources. |
SD-WAN private access |
Access to private company-hosted applications behind the FortiGate SD-WAN hub-and-spoke network. This access method extends private access for TCP- and UDP-based applications and offers data center redundancy. |
|
Next generation firewall (NGFW) private access |
Access to private company-hosted applications behind the FortiGate NGFW. This use case extends private access for UDP-based applications and agentless remote users. |
|
Secure SaaS access |
FortiCASB SaaS access |
Access to SaaS applications using FortiCASB Cloud/API |
FortiSASE Inline-CASB |
Access control to SaaS applications using FortiSASE inline-CASB and SSL deep inspection on endpoint |
|
SIA and SPA |
Site-based remote users using FortiGate SD-WAN as a secure edge |
Secure access to the internet using FortiGate as FortiSASE LAN extension |
For details on these FortiSASE use cases, see the 4-D FortiSASE Architecture Guide.
For details on the deployment process, see FortiSASE Cloud Deployment.
User provisioning is made simple, whether you are creating local users in bulk, integrating users from your Active Directory or LDAP server, or integrating with SAML authentication. You can also easily group your users to apply similar VPN or SWG policies.
See Service Organization Controls (SOC2) compliance standard.