Prerequisites
SSL deep inspection
Customizing HTTP headers using the Web Filter with Inline-CASB requires SSL deep inspection to be enabled on FortiSASE so that FortiSASE can intercept HTTP headers and add/remove to header requests/responses, as required by the SaaS application.
- To confirm SSL deep inspection is enabled, go to Configuration > Security and under the SSL Inspection widget, ensure that Deep Inspection displays.
- To enable SSL deep inspection, go to Configuration > Security and in the SSL Inspection widget, click Customize, and in the SSL Inspection slide-in, select Deep Inspection and click OK.
If you do not enable deep inspection, you see the following warnings:
- Under Configuration > Security in the Web Filter With Inline-CASB widget, you see a caution icon and when hovering over the tooltip, you see a warning message with a link to the Deep Inspection page.
-
When clicking on Customize in the Web Filter With Inline-CASB widget and selecting the Inline-CASB Headers tab, you see a warning message with a link to the Deep Inspection page.
See Certificate and deep inspection modes.
SaaS vendor-specific headers
You must know the format and content of vendor-specific headers supported by a SaaS application to use with the Web Filter with Inline-CASB.
For more information on the specific headers used for restricted SaaS access, see SaaS vendor-specific documentation:
Vendor |
Documentation link |
---|---|
Office 365 |
|
Google Workspace |
|
Slack |
Currently, all configured headers are added to outgoing FortiSASE traffic for agentless (SWG) remote users. Therefore, for this scenario, ensure you configure headers carefully considering their global scope to ensure they do not overlap or result in duplicate behaviour. |