Description
This article describes how to integrate SWG with FortiSASE.
Scope
FortiSASE.
Solution
This article assumes that SAML SSO configuration on FortiSASE has been configured.
For SSO configuration refer to the below article:
Tutorial: Microsoft Entra SSO integration with FortiSASE
- Configuring Security Inspection for SWG:
Navigate to the Security section in the FortiSASE console by selecting Configuration, and ensure to be within the Internet Access space. Select the drop-down list adjacent to the Profile Group section in the right-upper corner. Then, select the Create button to generate a new profile. Assign a meaningful name, such as 'SWG-Profile' in the example provided below.
Now, proceed to the SWG Policies category by navigating to Configuration.
- Enrolling Endpoints:
To direct web-based traffic to the FortiSASE Proxy, administrators have several options for instructing clients:
Configure the client Operating System's proxy settings to automatically retrieve the PAC file hosted on the FortiSASE public web server.
Go to System -> SWG Configuration -> Copy Hosted PAC File.
Open Proxy settings and specify the 'Hosted PAC File' URL copied from the FortiSASE console into the 'Script address', as shown in the picture below:
Also, install the certificate used by SWG on the endpoints from System -> SWG configuration -> Download SWG Certificate.
Validate proxy functionality by opening a web browser on the test client machine. Confirm the authentication pop-up window, and enter the credentials for a corporate user as per the defined SAML authentication scheme on FortiSASE.
Go to the dashboard and view the FortiView sources, the user traffic flow will appear:
For detailed traffic analysis, access the session logs to delve deeper into the specifics, as demonstrated in the example.
Go to Analytics -> Logs -> Traffic.
