Fortinet black logo

Administration Guide

Home FortiSASE Administration Guide

Application Control With Inline-CASB

Application Control With Inline-CASB

FortiSASE can recognize network traffic that a large number of applications generate. Application Control With Inline-cloud access security broker (Inline-CASB) uses Intrusion Prevention System (IPS) protocol decoders that can analyze network traffic to detect application traffic, even if the traffic uses non-standard ports or protocols. Application Control With Inline-CASB supports traffic detection using the HTTP protocol (versions 1.0, 1.1, and 2.0).

FortiSASE uses Application Control, IPS, and SSL deep inspection to act as an Inline-CASB by providing access control to software-as-a-service (SaaS) cloud application traffic. A CASB sits between users and their cloud service to enforce security policies as they access cloud-based resources.

Note

You must enable Intrusion Prevention for internet access traffic because Application Control With Inline-CASB features require it to be enabled.
To configure Application Control With Inline-CASB and Intrusion Prevention:
  1. Go to Configuration > Security.
  2. Enable Intrusion Prevention.
  3. In the Intrusion Prevention widget, click Customize.
  4. Select an IPS profile to apply to traffic. See Intrusion prevention.
  5. Enable Application Control With Inline-CASB.
  6. In the Application Control With Inline-CASB widget, click Customize.
  7. The Application Control With Inline-CASB pane displays the application categories. You can configure one of the following actions for each category:

    Type

    Description

    Allow

    Passes the traffic to the web filters, antivirus inspection engine, and DLP inspection engine.

    Monitor

    Processes the traffic the same way as the Allow action. For the Monitor action, FortiSASE generates a log message each time it establishes a matching traffic pattern.

    Block

    Denies or blocks attempts to access any application that belongs to the category. A replacement message displays.

  8. In Application Overrides, you can configure actions for individual applications, overriding the action configured for their category. Click Create. Select the desired action from the dropdown list in the upper left corner, select the desired applications, then click OK. You can search for the desired applications, and filter the list to show only cloud applications. The Application Overrides pane denotes cloud applications with a cloud icon, such as for the YouTube_Category.Control application in the following screenshot. The following example allows the Video/Audio category, and blocks YouTube.

  9. Click OK.

When the user attempts to access YouTube under these settings, they see the following message in their browser.

You can view data for cloud application access attempts in Dashboards > FortiView Cloud Applications.

Previous
Next

Application Control With Inline-CASB

FortiSASE can recognize network traffic that a large number of applications generate. Application Control With Inline-cloud access security broker (Inline-CASB) uses Intrusion Prevention System (IPS) protocol decoders that can analyze network traffic to detect application traffic, even if the traffic uses non-standard ports or protocols. Application Control With Inline-CASB supports traffic detection using the HTTP protocol (versions 1.0, 1.1, and 2.0).

FortiSASE uses Application Control, IPS, and SSL deep inspection to act as an Inline-CASB by providing access control to software-as-a-service (SaaS) cloud application traffic. A CASB sits between users and their cloud service to enforce security policies as they access cloud-based resources.

Note

You must enable Intrusion Prevention for internet access traffic because Application Control With Inline-CASB features require it to be enabled.
To configure Application Control With Inline-CASB and Intrusion Prevention:
  1. Go to Configuration > Security.
  2. Enable Intrusion Prevention.
  3. In the Intrusion Prevention widget, click Customize.
  4. Select an IPS profile to apply to traffic. See Intrusion prevention.
  5. Enable Application Control With Inline-CASB.
  6. In the Application Control With Inline-CASB widget, click Customize.
  7. The Application Control With Inline-CASB pane displays the application categories. You can configure one of the following actions for each category:

    Type

    Description

    Allow

    Passes the traffic to the web filters, antivirus inspection engine, and DLP inspection engine.

    Monitor

    Processes the traffic the same way as the Allow action. For the Monitor action, FortiSASE generates a log message each time it establishes a matching traffic pattern.

    Block

    Denies or blocks attempts to access any application that belongs to the category. A replacement message displays.

  8. In Application Overrides, you can configure actions for individual applications, overriding the action configured for their category. Click Create. Select the desired action from the dropdown list in the upper left corner, select the desired applications, then click OK. You can search for the desired applications, and filter the list to show only cloud applications. The Application Overrides pane denotes cloud applications with a cloud icon, such as for the YouTube_Category.Control application in the following screenshot. The following example allows the Video/Audio category, and blocks YouTube.

  9. Click OK.

When the user attempts to access YouTube under these settings, they see the following message in their browser.

You can view data for cloud application access attempts in Dashboards > FortiView Cloud Applications.

Previous
Next