I was able to achieve the goal: integration of FortiSASE (SPA) with an on-prem FortiGate. An endpoint device was able to access local resources through SPA. Endpoint internet access was also hitting the SIA policy and profile.
Is it possible for endpoint internet access to be redirected to the FG (SPA hub) so that I could use an SD-WAN rule to steer the internet access of my endpoint devices? Looking at the SASE SPA Overview (https://docs.fortinet.com/document/fortisase/23.2.32/spa-with-a-fortigate-sd-wan-deployment-guide/89...), it did not give much info aside from allowing remote devices to access local resources.
Any advice from the experts is much appreciated.
Hello R_F,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hi again R_F,
It looks like this article may be relevant to what you're after. I'll keep looking for someone who can help you directly in the meantime, but let me know if this helps.
Thanks for the swift reply, @Stephen_G.
Maybe I wasn't clear about the goal I wanted to achieve. Again, I'm not sure if this is achievable with the current FSASE version.
Through a series of simulations of the SIA use case, I was able to learn how it really works. Now I am getting into a slightly more complex part, which is exploring SPA. SASE and my on-prem FG are integrated via IPsec VPN and BGP, thanks to some video tutorials found online and the SASE admin guide.
Since the endpoint is managed by the SASE cloud, is it possible for endpoint internet access to pass through SASE and then to my on-prem FG with SD-WAN configured? I am exploring having endpoint restrictions handled by the on-prem FG and playing around with the endpoints' internet access through the on-prem FG's SD-WAN.
Definitely, if the remote endpoint is virtual (SSL/IPsec) or directly connected to the on-prem FG, I can achieve the above goal.
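To make the topology asked about above concrete, here is an illustrative FortiOS CLI sketch of the objects an SPA hub would need on its side to steer tunnel-originated endpoint traffic through an SD-WAN rule. This is an added example, not configuration from the thread, from the linked SPA deployment guide, or from Fortinet; the interface names (to-fortisase, wan1, wan2), the address object, the subnet, the gateways and the policy ID are assumptions, and whether FortiSASE itself can be made to send internet-bound endpoint traffic down the SPA tunnel instead of via SIA is not established anywhere on this page.

```text
# Added illustrative sketch (not from the thread or a Fortinet guide).
# Assumed names: "to-fortisase" = IPsec tunnel interface to the FortiSASE
# security PoP, "wan1"/"wan2" = local internet links, "SASE_endpoints" =
# address object for the endpoint pool that FortiSASE advertises over BGP.

config firewall address
    edit "SASE_endpoints"
        set subnet 10.0.0.0 255.255.0.0        # assumed endpoint pool
    next
end

config system sdwan
    set status enable
    config zone
        edit "virtual-wan-link"
        next
    end
    config members
        edit 1
            set interface "wan1"
            set gateway 203.0.113.1            # assumed next hop (documentation range)
        next
        edit 2
            set interface "wan2"
            set gateway 198.51.100.1           # assumed next hop (documentation range)
        next
    end
    config service
        edit 1
            set name "SASE-endpoints-to-internet"
            set mode priority
            set input-device "to-fortisase"    # match only flows arriving from the tunnel
            set src "SASE_endpoints"
            set dst "all"
            set priority-members 1 2           # prefer wan1, fail over to wan2
        next
    end
end

# Tunnel -> SD-WAN zone policy with source NAT. Without an accepting policy
# the SD-WAN rule above is never consulted for these flows.
config firewall policy
    edit 100
        set name "SASE-endpoints-out"
        set srcintf "to-fortisase"
        set dstintf "virtual-wan-link"
        set srcaddr "SASE_endpoints"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

The FortiGate half is the easy part: the same rule would apply to a dial-up SSL/IPsec user terminating directly on the hub, which is the case the post above says already works. The open question in the thread is the FortiSASE half, i.e. whether the cloud PoP will forward default-route traffic into the SPA tunnel at all. If you do try it, `diagnose sys sdwan service` shows whether the rule is matching and which member it selected, and `diagnose sys sdwan member` shows member state; a flow that is hitting the SIA policy instead of arriving on to-fortisase will simply never appear there.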
Hi R_F,
I'm really sorry, but I have so far been unable to find anyone who can help. FortiSASE is still a very recent solution with only a few specialists.
Hopefully someone can reply to this topic with their insight. If you have any support queries, you're welcome to get in touch with our support team. I'll keep looking in the meantime.
Kind regards,
Hello again R_F,
I talked with one of our experts.
It sounds like this is what you are trying to achieve:
User -> FSS -> SPA HUB -> [SD-WAN] Internet.
However, it would be more efficient to configure the following:
User -> FSS -> Internet
From what I understand, SSE already covers everything you would need the SPA HUB for. As a result, you would likely be better served by having only FSS as the connection intermediary i.e. we recommend against what you're trying to accomplish.
I hope that helps!
Kind regards,
Thank you for your insights, @Stephen_G.
Copyright 2023 Fortinet, Inc. All Rights Reserved.