The following snippets summarize the FortiSASE Secure Internet Access (SIA) agent-based deployment, which is also known as the FortiSASE basic endpoint deployment. To view the complete guide, go to SIA Agent-based Deployment Guide.
FortiSASE Basic Endpoint Deployment
FortiSASE secure Internet access (SIA) extends an organization’s security by enforcing common security policy for Intrusion Prevention Systems (IPS) and application control, web and DNS filtering, antimalware, sandboxing, antibotnet/Command and Control to remote users.
SIA for agent-based remote users is the most typical use case, which involves installing and configuring FortiClient on supported endpoints including Windows, macOS, and Linux endpoints. The FortiSASE Administration Guide calls this use case endpoint mode. In this use case, the FortiSASE firewall as a service (FWaaS) comes between the endpoint and the Internet. Because FortiClient essentially sets up a full-tunnel SSL VPN with the FWaaS, agent-based SIA secures all Internet traffic and protocols using VPN policies. Each endpoint connects to a security PoP. Agent-based remote user authentication can be achieved by configuring the authentication source as either Active Directory / LDAP, RADIUS or as a SAML Identity Provider (SAML IdP).
A typical topology for deploying this example design is as follows:
Deployment Procedures
This deployment consists of the following steps:
- Provisioning your FortiSASE instance
- Configuring remote authentication and onboarding users
- Configuring security settings and VPN policies in FortiSASE
- Configuring DNS Settings
- Downloading and installing FortiClient on Windows endpoints
- Connecting FortiClient to FortiSASE and provisioning the FortiSASE VPN tunnel
- Connecting a user's endpoint to the FortiSASE tunnel using FortiClient and verifying Azure AD SAML S...
- Testing SIA using a managed FortiClient endpoint
For more information, go to SIA Agent-based Deployment Guide.
