Fortinet black logo

Architecture Guide

Home FortiSASE Architecture Guide

SIA for agent-based remote users

Copy Link
Copy Doc ID 90c0ddd8-c520-11ee-8c42-fa163e15d75b:710519
Download PDF

SIA for agent-based remote users

Secure Internet access (SIA) for agent-based remote users is the most typical use case, which involves installing and configuring FortiClient on supported endpoints including Windows, macOS, and Linux endpoints. In this use case, the FortiSASE firewall as a service (FWaaS) comes between the endpoint and the Internet. Because FortiClient essentially sets up a full-tunnel SSL VPN with the FWaaS, agent-based SIA secures all Internet traffic and protocols using VPN policies. Each endpoint connects to a security point of presence.

You can achieve authentication for users in this use case by configuring the authentication source as Active Directory/LDAP or RADIUS or as a SAML identity provider.

You can automate initial configuration of endpoints using a mobile device management (MDM) tool. End user deployment involves entering an invitation code into FortiClient and then using a username and password to log into the Secure Internet Access SSL VPN tunnel to FortiSASE.

A typical topology for deploying this example design is as follows:

Previous
Next

SIA for agent-based remote users

Secure Internet access (SIA) for agent-based remote users is the most typical use case, which involves installing and configuring FortiClient on supported endpoints including Windows, macOS, and Linux endpoints. In this use case, the FortiSASE firewall as a service (FWaaS) comes between the endpoint and the Internet. Because FortiClient essentially sets up a full-tunnel SSL VPN with the FWaaS, agent-based SIA secures all Internet traffic and protocols using VPN policies. Each endpoint connects to a security point of presence.

You can achieve authentication for users in this use case by configuring the authentication source as Active Directory/LDAP or RADIUS or as a SAML identity provider.

You can automate initial configuration of endpoints using a mobile device management (MDM) tool. End user deployment involves entering an invitation code into FortiClient and then using a username and password to log into the Secure Internet Access SSL VPN tunnel to FortiSASE.

A typical topology for deploying this example design is as follows:

Previous
Next