Deployment plan

This outlines the major steps to deploy this solution. Go to Deployment procedures for detailed configuration steps:

1. Provision your FortiSASE instance and select the regions where your users will be located. Input licenses as needed. See Provisioning your FortiSASE instance.
2. Configure users. See Configuring SSO SAML users and Configuring RADIUS users.
3. Configure Secure Web Gateway policies to apply desired scanning and filtering for your users. See Configuring security profiles and SWG policies.
4. Download the proxy autoconfiguration (PAC) file from the FortiSASE portal. Customize the file to exclude SSL VPN gateway and internal corporate networks. See Downloading and customizing the PAC file.
5. Host the PAC file on an externally accessible server. See Hosting the custom PAC file.
6. Configure proxy settings on endpoints to point to the PAC file. See Configuring proxy settings on endpoints.
7. Modify your SSL VPN gateway to enable split tunneling. See Modifying your SSL VPN gateway to enable split tunneling.