FortiSASE
FortiSASE delivers both a consistent security posture and an optimal user experience for users working from anywhere. Secure your hybrid workforce by closing security gaps, plus simplify operations.
acvaldez
Staff
Staff
Article Id 345977
Description This article describes how to configure SWG Policy with SSO authentication
Scope FortiSASE.
Solution

When configuring an SWG policy with SSO authentication, it is essential to use a Security Profile Group that includes Deep Inspection. If Deep Inspection is not enabled, the following behavior can occur: go under Configuration  -> SWG Policy.

 

profile that is not using deep inspection.png

 

Go under Configuration -> Security- > Profile Group drop-down.

 

profile that is not using deep inspection - v2.png

 

 

The implicit denial will be hit. Go under Analytics -> Logs -> Traffic (Filter using the IP address of the SWG client to check the traffic).

 

you will keep hitting the implicit deny .png

 

When a Security Profile with Deep Inspection is applied to the SWG policy, the correct policy will successfully match. However, ensure that the FortiGate certificate is installed on the user's machine for proper functionality. Go under Configuration -> SWG Policy.

 

policy used deep inspection profile.png

Notes: The default security profile deep inspection includes exemptions:

 

  • 'Finance and Banking'.
  • 'Health and wellness'.
  • URL categories.

2024-11-10_15h48_29.png

 

All of the exemptions need to be removed, or they will hit the implicit deny policy as well:

'Access Denied'

'The page you requested has been blocked by a firewall policy restriction.'

 

Go under Configuration -> Security -> Profile Group drop-down.

 

profile using deep inspection.png

 

user be able to be detected .png

 

user be able to be detected .png