Fortinet black logo

Administration Guide

Home FortiSASE Administration Guide

Prerequisites

Prerequisites

SSL deep inspection

Customizing HTTP headers using the Web Filter with Inline-CASB requires SSL deep inspection to be enabled on FortiSASE so that FortiSASE can intercept HTTP headers and add/remove to header requests/responses, as required by the SaaS application.

  • To confirm SSL deep inspection is enabled, go to Configuration > Security and under the SSL Inspection widget, ensure that Deep Inspection displays.
  • To enable SSL deep inspection, go to Configuration > Security and in the SSL Inspection widget, click Customize, and in the SSL Inspection slide-in, select Deep Inspection and click OK.

If you do not enable deep inspection, you see the following warnings:

  • Under Configuration > Security in the Web Filter With Inline-CASB widget, you see a caution icon and when hovering over the tooltip, you see a warning message with a link to the Deep Inspection page.

  • When clicking on Customize in the Web Filter With Inline-CASB widget and selecting the Inline-CASB Headers tab, you see a warning message with a link to the Deep Inspection page.

See Certificate and deep inspection modes.

SaaS vendor-specific headers

You must know the format and content of vendor-specific headers supported by a SaaS application to use with the Web Filter with Inline-CASB.

For more information on the specific headers used for restricted SaaS access, see SaaS vendor-specific documentation:

Vendor

Documentation link

Office 365

Restrict access to a tenant

Google Workspace

Block access to consumer accounts

Slack

Approve Slack workspaces for your network

Note

Currently, all configured headers are added to outgoing FortiSASE traffic for agentless (SWG) remote users. Therefore, for this scenario, ensure you configure headers carefully considering their global scope to ensure they do not overlap or result in duplicate behaviour.
Previous
Next

Prerequisites

SSL deep inspection

Customizing HTTP headers using the Web Filter with Inline-CASB requires SSL deep inspection to be enabled on FortiSASE so that FortiSASE can intercept HTTP headers and add/remove to header requests/responses, as required by the SaaS application.

  • To confirm SSL deep inspection is enabled, go to Configuration > Security and under the SSL Inspection widget, ensure that Deep Inspection displays.
  • To enable SSL deep inspection, go to Configuration > Security and in the SSL Inspection widget, click Customize, and in the SSL Inspection slide-in, select Deep Inspection and click OK.

If you do not enable deep inspection, you see the following warnings:

  • Under Configuration > Security in the Web Filter With Inline-CASB widget, you see a caution icon and when hovering over the tooltip, you see a warning message with a link to the Deep Inspection page.

  • When clicking on Customize in the Web Filter With Inline-CASB widget and selecting the Inline-CASB Headers tab, you see a warning message with a link to the Deep Inspection page.

See Certificate and deep inspection modes.

SaaS vendor-specific headers

You must know the format and content of vendor-specific headers supported by a SaaS application to use with the Web Filter with Inline-CASB.

For more information on the specific headers used for restricted SaaS access, see SaaS vendor-specific documentation:

Vendor

Documentation link

Office 365

Restrict access to a tenant

Google Workspace

Block access to consumer accounts

Slack

Approve Slack workspaces for your network

Note

Currently, all configured headers are added to outgoing FortiSASE traffic for agentless (SWG) remote users. Therefore, for this scenario, ensure you configure headers carefully considering their global scope to ensure they do not overlap or result in duplicate behaviour.
Previous
Next