4D Documents
Best practices documents for defining, designing, deploying and demoing various cross product solutions.
fmerin_FTNT
Staff
Article Id 266086

The following snippets summarize the SASE architecture guide for Enterprise deployments. To view the complete guide, go to SASE Architecture Guide.

 

Introduction

The guide is meant to provide high-level insight into FortiSASE architectures for different secure access service edge use cases.

Design overview

In this architecture, these are the goals for remote users that connect to FortiSASE:

  • Enforce Secure Internet Access (SIA) when users access the Internet and web-based applications
  • Allow Secure Private Access (SPA) when users access private company-hosted applications protected by a FortiGate next-generation firewall (NGFW)
  • Enforce Secure SaaS Access (SSA) when users access SaaS applications

 

Common FortiSASE Use Cases

With FortiSASE, remote users (agent-based, agentless, and site-based) form secure connections to the Internet, data center, and cloud by accessing global FortiSASE security points of presence, which enforce an organization’s security policies regardless of remote users' locations. See Common FortiSASE Use Cases for the latest examples.

 

| FortiSASE component | Use case | Description |
|---|---|---|
| Secure Internet access (SIA) | Agent-based remote user Internet access | Secure access to the Internet using FortiClient agent |
| Secure Internet access (SIA) | Agentless remote user Internet access | Secure access to the Internet using FortiSASE secure web gateway |
| Secure Internet access (SIA) | Site-based remote user Internet access | Secure access to the Internet using Thin Edge FortiExtender device as FortiSASE LAN extension |
| Secure private access (SPA) | Zero trust network access (ZTNA) private access | Access to private company-hosted TCP-based applications behind the FortiGate ZTNA application gateway for various ZTNA use cases. This access method allows for a direct (shortest) path to private resources. |
| Secure private access (SPA) | SD-WAN private access | Access to private company-hosted applications behind the FortiGate SD-WAN hub-and-spoke network. This access method extends private access for TCP- and UDP-based applications and offers data center redundancy. |
| Secure private access (SPA) | Next generation firewall (NGFW) private access | Access to private company-hosted applications behind the FortiGate NGFW. This use case extends private access for UDP-based applications and agentless remote users. |
| Secure SaaS access | FortiCASB SaaS access | Access to SaaS applications using FortiCASB Cloud/API |
| Secure SaaS access | FortiSASE Inline-CASB | Access control to SaaS applications using FortiSASE inline-CASB and SSL deep inspection on endpoint |
| SIA and SPA | Site-based remote users using FortiGate SD-WAN as a secure edge | Secure access to the Internet using FortiGate as FortiSASE LAN extension |

Following is an example architecture of FortiSASE that incorporates all use cases:

[Figure: Design topology]


For more information, go to SASE Architecture Guide.
