Fortinet black logo

Architecture Guide

Home FortiSASE Architecture Guide

SSA using FortiSASE Inline-CASB

SSA using FortiSASE Inline-CASB

For the secure SaaS access (SSA) use case, FortiSASE offers Inline-cloud access security broker (Inline-CASB) functionality for its application control and web filter security components and offers data loss prevention (DLP) functionality to ensure FortiSASE agent-based and agentless remote users have secure access to SaaS applications.

FortiSASE uses Application Control to act as an Inline-CASB by providing access control to software-as-a-service (SaaS) cloud application traffic. A CASB sits between users and their cloud service to enforce security policies as they access cloud-based resources.

Also, FortiSASE uses Web Filter with an Inline-CASB security component to customize headers when agentless (SWG) or agent-based (FortiClient) remote users are accessing SaaS applications. When configured, FortiSASE intercepts HTTP headers and can modify them for outgoing traffic and this process is also commonly known as HTTP header insertion. By customizing HTTP headers for FortiSASE outgoing traffic destined for SaaS applications, the Web Filter with Inline-CASB can control SaaS application behavior by restricting tenants' access.

In addition, FortiSASE uses data loss prevention (DLP) to prevent sensitive data from leaving or entering your network by defining various sensitive data patterns, scanning for the patterns while inspecting traffic, and allowing, blocking, or logging only when traffic matches the patterns.

SSL deep inspection is required by Application Control, Web Filter, and DLP components to perform inline scanning and detection of content within encrypted payloads. FortiSASE must be configured to block QUIC traffic to ensure traffic falls back to TLS encryption which can be inspected.

FortiSASE web filter with Inline-CASB, application control with Inline-CASB, and DLP do not require any special licenses beyond per-user FortiSASE licensing.

A typical topology for deploying this example design is as follows:

Previous
Next

SSA using FortiSASE Inline-CASB

For the secure SaaS access (SSA) use case, FortiSASE offers Inline-cloud access security broker (Inline-CASB) functionality for its application control and web filter security components and offers data loss prevention (DLP) functionality to ensure FortiSASE agent-based and agentless remote users have secure access to SaaS applications.

FortiSASE uses Application Control to act as an Inline-CASB by providing access control to software-as-a-service (SaaS) cloud application traffic. A CASB sits between users and their cloud service to enforce security policies as they access cloud-based resources.

Also, FortiSASE uses Web Filter with an Inline-CASB security component to customize headers when agentless (SWG) or agent-based (FortiClient) remote users are accessing SaaS applications. When configured, FortiSASE intercepts HTTP headers and can modify them for outgoing traffic and this process is also commonly known as HTTP header insertion. By customizing HTTP headers for FortiSASE outgoing traffic destined for SaaS applications, the Web Filter with Inline-CASB can control SaaS application behavior by restricting tenants' access.

In addition, FortiSASE uses data loss prevention (DLP) to prevent sensitive data from leaving or entering your network by defining various sensitive data patterns, scanning for the patterns while inspecting traffic, and allowing, blocking, or logging only when traffic matches the patterns.

SSL deep inspection is required by Application Control, Web Filter, and DLP components to perform inline scanning and detection of content within encrypted payloads. FortiSASE must be configured to block QUIC traffic to ensure traffic falls back to TLS encryption which can be inspected.

FortiSASE web filter with Inline-CASB, application control with Inline-CASB, and DLP do not require any special licenses beyond per-user FortiSASE licensing.

A typical topology for deploying this example design is as follows:

Previous
Next