Fortinet black logo

Administration Guide

Appendix A - FortiSASE data centers

Copy Link
Copy Doc ID 5d380088-d5b4-11ee-8c42-fa163e15d75b:751044
Download PDF

Appendix A - FortiSASE data centers

The following provides information about FortiSASE data centers or points of presence (PoPs) available through the FortiSASE Status page, global data centers list, and egress IP addresses feed. The following also provides information about the number of security data centers accessible per license.

Status page

To view real-time information on the current status of data centers, visit the FortiSASE Status page at https://status.fortisase.com and click the plus sign (+) next to Fortinet Cloud Locations or Public Cloud Locations.

Global data centers list

For a table of global data center information for FortiSASE, see Global data centers.

Egress IP addresses feed

A consumable feed of the FortiSASE egress IP addresses is available at https://portal.prod.fortisase.com/api/v1/public/egress/ips.

You can use this list in access control lists to allow access to internal applications from FortiSASE only.

Note

For instances equipped with Dedicated Public IPs (via SKU addition, or through Advanced or Comprehensive licenses), the IP addresses associated with each FortiSASE security PoP are not included in the Egress IP API as they are customer-specific.

Note

The egress IP addresses feed includes IP addresses for log forwarding and FortiSASE Endpoint Management Service. It is recommended that administrators of all instances, including those with dedicated IP addresses, use the egress IP addresses feed to allowlist traffic from both FortiSASE services based on their specific needs.

The following describes how to configure a threat feed using this feed in FortiOS. For information on threat feeds, see Threat feeds.

To create a threat feed using the FortiSASE egress IP address feed:
  1. Go to Security Fabric > External Connectors.
  2. Click Create New.
  3. Under Threat Feeds, select IP Address.
  4. In the URL of external resource field, enter https://portal.prod.fortisase.com/api/v1/public/egress/ips
  5. Disable HTTP basic authentication.
  6. Ensure that Status is enabled.
  7. Configure other fields as desired, then click OK.
  8. To confirm that you configured the feed correctly, wait until the GUI displays that the connection succeeded. Hover over the feed to see the connection status, last update time, and number of entries. You can use this feed to configure policies in FortiOS.

Number of security data centers accessible per license

The number of data centers with security capabilities that are accessible by remote users depends on the FortiSASE license tier and number of users, or user bands, applied to your FortiSASE instance. See the following table:

FortiSASE license

Number of security data centers accessible per user band

50-99 users

100-199 users

200+ users

Standard

4

4

4

Advanced

4

4

4

Comprehensive

1

2

4

For all license tiers, you can purchase access to additional security data centers with the corresponding FortiSASE Region Add-on license:

FortiSASE license

Region Add-on license

Standard

Fortinet Location Add-on

Advanced

Comprehensive

Public Cloud Location Add-on

See the FortiSASE Ordering Guide.

Appendix A - FortiSASE data centers

The following provides information about FortiSASE data centers or points of presence (PoPs) available through the FortiSASE Status page, global data centers list, and egress IP addresses feed. The following also provides information about the number of security data centers accessible per license.

Status page

To view real-time information on the current status of data centers, visit the FortiSASE Status page at https://status.fortisase.com and click the plus sign (+) next to Fortinet Cloud Locations or Public Cloud Locations.

Global data centers list

For a table of global data center information for FortiSASE, see Global data centers.

Egress IP addresses feed

A consumable feed of the FortiSASE egress IP addresses is available at https://portal.prod.fortisase.com/api/v1/public/egress/ips.

You can use this list in access control lists to allow access to internal applications from FortiSASE only.

Note

For instances equipped with Dedicated Public IPs (via SKU addition, or through Advanced or Comprehensive licenses), the IP addresses associated with each FortiSASE security PoP are not included in the Egress IP API as they are customer-specific.

Note

The egress IP addresses feed includes IP addresses for log forwarding and FortiSASE Endpoint Management Service. It is recommended that administrators of all instances, including those with dedicated IP addresses, use the egress IP addresses feed to allowlist traffic from both FortiSASE services based on their specific needs.

The following describes how to configure a threat feed using this feed in FortiOS. For information on threat feeds, see Threat feeds.

To create a threat feed using the FortiSASE egress IP address feed:
  1. Go to Security Fabric > External Connectors.
  2. Click Create New.
  3. Under Threat Feeds, select IP Address.
  4. In the URL of external resource field, enter https://portal.prod.fortisase.com/api/v1/public/egress/ips
  5. Disable HTTP basic authentication.
  6. Ensure that Status is enabled.
  7. Configure other fields as desired, then click OK.
  8. To confirm that you configured the feed correctly, wait until the GUI displays that the connection succeeded. Hover over the feed to see the connection status, last update time, and number of entries. You can use this feed to configure policies in FortiOS.

Number of security data centers accessible per license

The number of data centers with security capabilities that are accessible by remote users depends on the FortiSASE license tier and number of users, or user bands, applied to your FortiSASE instance. See the following table:

FortiSASE license

Number of security data centers accessible per user band

50-99 users

100-199 users

200+ users

Standard

4

4

4

Advanced

4

4

4

Comprehensive

1

2

4

For all license tiers, you can purchase access to additional security data centers with the corresponding FortiSASE Region Add-on license:

FortiSASE license

Region Add-on license

Standard

Fortinet Location Add-on

Advanced

Comprehensive

Public Cloud Location Add-on

See the FortiSASE Ordering Guide.