Help
FortiSASE
FortiSASE delivers both a consistent security posture and an optimal user experience for users working from anywhere. Secure your hybrid workforce by closing security gaps, plus simplify operations.
btan
Staff & Editor
Staff & Editor

Created on ‎02-11-2025 11:03 PM

Article Id 376033

Technical Tip: When enabling Dedicated IP on FortiSASE, when using Secure Web Gateway

Description This article explains things to take note when enabling Dedicated IP on FortiSASE, when using Secure Web Gateway.
Scope FortiSASE.
Solution

As mentioned in Dedicated public IP addresses, a 2 to 4 hours downtime is required to enable this feature.

 

Note:

Once a Dedicated IP is activated, it cannot be deactivated, meaning rollback is not possible.

 

Before enabling Dedicated IP, the Secure Web Gateway (SWG) port is assigned randomly to the FortiSASE instance between 10445-50445.


sase-swg-s1-1.PNG

After the dedicated IP is enabled, the Secure Web Gateway port will always be set to 9443, and it cannot be customized.

 

sase-swg-s2-2.PNG


Therefore, when Secure Web Gateway is in production, after enabling Dedicated IP on FortiSASE, the below action has to be taken to maintain SWG functionality:

  1. If end users are using the Downloading and customizing the PAC file: The PAC file will be automatically updated to port 9943 once the Dedicated IP is enabled on FortiSASE. Ensure that end users are using the updated PAC file.
  2. If end users are using a Hosting the custom PAC fileEnsure to update the PAC file to use port 9443 and that end users are using the updated PAC file.
Labels:
465
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.