FortiGate / FortiOS

FortiManager

FortiAnalyzer

Feature Administration Guide

Introduction
- FortiClient agent-based mode using FortiClient
- Proxy agentless mode
- Accessing the FortiSASE portal with IPv4 IPv6 connectivity
- Dedicated public IP addresses
- Embedded onboarding guide
- FortiFlex licensing
- Subscription renewal notification
- Network restrictions
- Remote agent and edge device user identification
- Required services and ports
- Signing in as an IAM user
- System status notifications
New features
Select availability features
- Authenticated onboarding
- BGP MED Setting
- Central management
- Central management for MSSP tenants
- Custom invitation codes
- Factory reset
- Network restrictions removed
- Private proxy
- SCIM server support
- Supporting external IdP users
Beta features
- Digital experience: TCP latency
IPsec remote agent support
- Tunnel settings
Monitoring
- Adding a custom dashboard
- Resetting all dashboards
- Drilling down on vulnerabilities
- FortiView monitors
- API-based CASB monitoring
- Edge Devices
- Endpoints
Operations
- Digital Experience Monitoring
- Endpoints
- Infrastructure
- Connected users
  - Packet capture
- Connected wireless clients
- SPA
- Edge devices
- On-ramp tunnel
- Reports
- Logs
- Administration
  - Software audit & version
    - SSL to IPsec transition mode
  - Automation
Network
- DNS
  - DNS redirection rules
- Geofencing
- IP management
- BGP
  - Advertise Hub Priorities
  - BGP MED Setting
- Proxy configuration
  - Private proxy
  - Secure proxy migration
Security
- Policies
- Proxy policies
  - Default proxy policies
  - Configuring a proxy policy
- Security profiles
- ZTNA
  - Agent-based ZTNA
  - Agentless ZTNA
- Hosts
- Schedules
- External feeds
  - Configuring an external feed
  - Applying an external feed
- Applications
- Data Protection
Endpoint management
- Endpoint profiles
- Security posture tags and tagging rules
  - Tagging rule types
- Endpoint management settings
- Endpoint upgrade
Access & authentication
- Users and groups
- PKI
- LDAP
  - Configuring FortiSASE with an LDAP server for remote user authentication in FortiClient agent-based mode
  - Configuring FortiSASE with an LDAP server for remote user authentication in proxy agentless mode
- Configuring FortiSASE with a RADIUS server for remote user authentication
- SSO
- Fortinet Single Sign On (FSSO)
- Domains
  - Entra ID domains
System
- Administration
- HTML templates
- API-based CASB
- Certificates
- Central Management
- Snapshot
  - Factory reset
- Subscription overview
- RBI
  - Example: Configuring RBI with proxy
Client onboarding
- Managed endpoint client onboarding
  - Allowlisting FortiClient (Windows) processes
  - Allowlisting FortiClient (MacOS) processes
- Proxy client onboarding
- Enterprise mobility management
MSSP portal
- Considerations
- Configuration workflow
  - Resource-based permissions
- Using the MSSP portal
- SPA for an MSSP hub
- Central management for MSSP tenant
Troubleshooting
FAQs
- Dedicated public IP addresses
- Licensing
- Security PoPs
- Shifting from FortiClient EMS to FortiSASE
- Shifting from standalone VPN-only FortiClient (free) to FortiSASE
Appendix A - FortiSASE data centers
Appendix B - REST API
Appendix C - Tunnel performance
Appendix D - Maximum values
Appendix E - Monthly maintenance
Appendix F - Security and compliance

Home FortiSASE Feature Administration Guide

Introduction

FortiSASE is a software-as-a-cloud-delivered service that allows clients to securely access the internet with the protection from FortiOS. With FortiSASE, you can ensure to protect remote off-net endpoints and users with the same security policies as when they are on-net, no matter their location. The service is available through a subscription based on the number of users.

FortiSASE works with various FortiCloud services in the background to deliver a seamless service for securing your internet access.

In terms of security, FortiSASE offers the following features to protect clients:

Antivirus
Web Filter
Intrusion prevention
File filter
Data loss prevention
Application control
SSL inspection

Security features are customizable and offer many familiar settings as you would see on a FortiGate.

Several flexible steering methods are used to steer or redirect network traffic from the user edge to FortiSASE. These steering methods can be used to securely access Internet, private, and SaaS destinations or applications, respectively, and therefore used to implement FortiSASE Secure Internet Access (SIA), Secure Private Access (SPA), and Secure SaaS Access (SSA) use cases.

Steering Method	Destinations
Agent (FortiClient)	Internet and web-based applications	Private applications via SPA hub	SaaS applications via CASB
IPsec with routing (Thin Edge, Branch On-Ramp)
IPsec with explicit proxy (Private Proxy)
Agentless (Proxy)
FortiSASE use case	Secure Internet Access (SIA)	Secure Private Access (SPA)	Secure SaaS Access (SSA)

For details on these FortiSASE use cases, see the 4-D FortiSASE Architecture Guide.

For details on the deployment process, see FortiSASE Cloud Deployment.

User provisioning is made simple, whether you are creating local users in bulk, integrating users from your Active Directory or LDAP server, or integrating with SAML authentication. You can also easily group your users to apply similar policies.

See Service Organization Controls (SOC2) compliance standard.

Introduction

FortiSASE works with various FortiCloud services in the background to deliver a seamless service for securing your internet access.

In terms of security, FortiSASE offers the following features to protect clients:

Antivirus
Web Filter
Intrusion prevention
File filter
Data loss prevention
Application control
SSL inspection

Security features are customizable and offer many familiar settings as you would see on a FortiGate.

Steering Method	Destinations
Agent (FortiClient)	Internet and web-based applications	Private applications via SPA hub	SaaS applications via CASB
IPsec with routing (Thin Edge, Branch On-Ramp)
IPsec with explicit proxy (Private Proxy)
Agentless (Proxy)
FortiSASE use case	Secure Internet Access (SIA)	Secure Private Access (SPA)	Secure SaaS Access (SSA)

For details on these FortiSASE use cases, see the 4-D FortiSASE Architecture Guide.

For details on the deployment process, see FortiSASE Cloud Deployment.

See Service Organization Controls (SOC2) compliance standard.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

Web Application / API Protection

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

All Products

Feature Administration Guide

Introduction

Introduction

More Links

Introduction

Introduction