This article describes how to use the Secure Internet Access (SIA) Mechanism.
FortiSASE.
This article assumes that the end user VPN configuration has been completed and that the user is able to connect the VPN to FortiSASE.
Once the end user is able to connect the VPN, policies must be configured on a per-user basis to grant the appropriate access.
It is important to link all traffic passing through FortiSASE with a corresponding policy. These policies dictate the path of the traffic, determine how FortiSASE handles it, and establish whether the traffic is permitted to traverse the system.
When a session is started through the VPN tunnel, FortiSASE checks the connection using VPN policies. It goes through each policy from top to bottom, comparing the session details to the policy settings. If it finds a match and the action is 'Accept,' FortiSASE applies security measures. If the action is 'Deny,' FortiSASE stops the traffic.
By default, an 'allow all' policy is present.
Fine-tune it as desired by user group: create a separate policy for each user group and allow access as required.
In this example, a new policy was created to match the VPN_User group and allow its traffic.
Note the Force Certificate Inspection option. If it is enabled, the policy ignores the SSL inspection configured in the selected profile group and uses certificate inspection instead.
Even if deep inspection is defined in the profile, traffic matching this particular policy will use certificate inspection when Force Certificate Inspection is enabled.
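The following is an added example, not Fortinet code or a FortiSASE API: a small Python model of the top-to-bottom, first-match evaluation and the Force Certificate Inspection override described above, with an audit that flags shadowed policies and overridden deep inspection. It assumes policies match on user group only; the `Policy` fields, the `all` wildcard and the `Contractors` group are constructed for illustration.

```python
from dataclasses import dataclass

ANY = "all"  # constructed wildcard meaning "any user group"

@dataclass
class Policy:                     # hypothetical model, not a FortiSASE object
    name: str
    group: str                    # user group the policy matches, or ANY
    action: str                   # "Accept" or "Deny"
    profile_ssl: str = "deep"     # SSL inspection mode set in the profile group
    force_cert: bool = False      # Force Certificate Inspection toggle

def effective_ssl(p):
    """Force Certificate Inspection overrides the profile group's SSL mode."""
    return "certificate" if p.force_cert else p.profile_ssl

def evaluate(policies, user_group):
    """Top to bottom, first match wins: (policy name, action, SSL mode)."""
    for p in policies:
        if p.group in (ANY, user_group):
            ssl = effective_ssl(p) if p.action == "Accept" else None
            return p.name, p.action, ssl
    return None  # the page does not describe the no-match case

def audit(policies):
    """Flag policies that can never match or whose deep inspection is overridden."""
    findings, seen = [], set()
    for p in policies:
        if ANY in seen or p.group in seen:
            findings.append(f"{p.name}: shadowed by an earlier policy")
        elif p.action == "Accept" and p.force_cert and p.profile_ssl == "deep":
            findings.append(f"{p.name}: deep inspection overridden to certificate")
        seen.add(p.group)
    return findings

# Constructed rule sets: the default 'allow all' left above the group policy,
# then the group policies moved above it.
BAD = [Policy("allow all", ANY, "Accept", "certificate"),
       Policy("VPN_User access", "VPN_User", "Accept", "deep")]
GOOD = [Policy("VPN_User access", "VPN_User", "Accept", "deep", force_cert=True),
        Policy("block contractors", "Contractors", "Deny"),
        Policy("allow all", ANY, "Accept", "certificate")]

if __name__ == "__main__":
    for label, rules in (("BAD", BAD), ("GOOD", GOOD)):
        print(label, evaluate(rules, "VPN_User"), audit(rules))
```

In the first rule set the VPN_User policy is never reached because 'allow all' matches first; in the second it is reached, but its deep inspection profile is replaced by certificate inspection.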
The UTM profile can be defined through traits like webfilter, app control, filter filter, DNS filter, DLP, IPS, AV, etc.
Go to Configuration -> Security.
The profile group name is shown at the top right; this is the name that can be selected in the policy.
Copyright 2024 Fortinet, Inc. All Rights Reserved.