Technical Tip: When enabling Dedicated IP on FortiSASE, when using Secure Web Gateway

As mentioned in Dedicated public IP addresses, a 2 to 4 hours downtime is required to enable this feature.

Note:

Once a Dedicated IP is activated, it cannot be deactivated, meaning rollback is not possible.

Before enabling Dedicated IP, the Secure Web Gateway (SWG) port is assigned randomly to the FortiSASE instance between 10445-50445.

After the dedicated IP is enabled, the Secure Web Gateway port will always be set to 9443, and it cannot be customized.

Therefore, when Secure Web Gateway is in production, after enabling Dedicated IP on FortiSASE, the below action has to be taken to maintain SWG functionality:

1. If end users are using the Downloading and customizing the PAC file: The PAC file will be automatically updated to port 9943 once the Dedicated IP is enabled on FortiSASE. Ensure that end users are using the updated PAC file.
2. If end users are using a Hosting the custom PAC file: Ensure to update the PAC file to use port 9443 and that end users are using the updated PAC file.