Fortinet black logo

FortiGate NGFW to FortiSASE SPA Hub Conversion Deployment Guide

Home FortiSASE FortiGate NGFW to FortiSASE SPA Hub Conversion Deployment Guide

Configuring SPA to the FortiGate SPA hub in FortiSASE Private Access

Configuring SPA to the FortiGate SPA hub in FortiSASE Private Access

Note Before configuring the Secure Private Access settings in the FortiSASE portal, to ensure proper secure private access (SPA) functionality, you must ensure that the FortiSASE SPA hub conforms to details mentioned in all previous sections of this guide up until this point, especially those sections covering Design concept and considerations, Product prerequisites, and Converting FortiGate NGFW to a FortiSASE SPA hub using FortiOS CLI or GUI.

At this point, the FortiGate NGFW has been converted to a FortiSASE SPA Hub. Therefore, in the steps that follow, the FortiGate NGFW will now be referred to as the FortiSASE SPA Hub.

To allow FortiSASE remote users with secure private access (SPA) to resources behind your FortiGate SD-WAN hub network, you can configure FortiSASE security PoPs as spokes in your hub-and-spoke network using the Secure Private Access page.

Configuration workflow

To configure SPA service connections (hubs), you must follow this configuration workflow in Network > Secure Private Access:

  1. Click the Network Configuration tab at the top of the page and configure the common network configuration settings. See Configuring network configuration.

  2. Click the Service Connections tab at the top of the page, click Create, and configure a new service connection (hub). See Configuring a new service connection.

Note You cannot configure a service connection or hub without first configuring Network Configuration settings.
Previous
Next

Configuring SPA to the FortiGate SPA hub in FortiSASE Private Access

Note Before configuring the Secure Private Access settings in the FortiSASE portal, to ensure proper secure private access (SPA) functionality, you must ensure that the FortiSASE SPA hub conforms to details mentioned in all previous sections of this guide up until this point, especially those sections covering Design concept and considerations, Product prerequisites, and Converting FortiGate NGFW to a FortiSASE SPA hub using FortiOS CLI or GUI.

At this point, the FortiGate NGFW has been converted to a FortiSASE SPA Hub. Therefore, in the steps that follow, the FortiGate NGFW will now be referred to as the FortiSASE SPA Hub.

To allow FortiSASE remote users with secure private access (SPA) to resources behind your FortiGate SD-WAN hub network, you can configure FortiSASE security PoPs as spokes in your hub-and-spoke network using the Secure Private Access page.

Configuration workflow

To configure SPA service connections (hubs), you must follow this configuration workflow in Network > Secure Private Access:

  1. Click the Network Configuration tab at the top of the page and configure the common network configuration settings. See Configuring network configuration.

  2. Click the Service Connections tab at the top of the page, click Create, and configure a new service connection (hub). See Configuring a new service connection.

Note You cannot configure a service connection or hub without first configuring Network Configuration settings.
Previous
Next