Single Vendor SASE


Introduction

Jason Tan (APAC)
Yew Chee Ong (APAC)
Mohamed Abosree (ANZ)
Toan Trinh (ANZ)

© Fortinet Inc. All Rights Reserved. Proprietary and Confidential. 2


Agenda
08:30 Lab Introduction

08:40 Lab time

10:00 Break

10:30 Back to Labs

12:00 Additional features

12:30 Finish

Today’s HoL
• On-boarding of users with agent (FWaaS)
• On-boarding of users without the agent (SWG)
• FWaaS security functionality
• SWG security functionality
• Accessing private resources via SDWAN Connector
• Accessing private resources via ZTNA Access Proxy



Connect to the lab
[Link]

• Passphrase: iamsase



Overview of the lab



Have Fun!!



What’s New



New Licenses
FortiSASE: Simple User-Based Licensing

• FWaaS & SWG: L3-7 Firewalling, URL-Filtering, Anti-Malware
• ZTNA: Cloud-Provisioned, Device Posture checking, Continuous assessment
• CASB: In-line CASB and API-Based for Managed and unmanaged devices
• Endpoint Security: EPP, Sandboxing, Vulnerability Management
• Cloud Logging, Cloud Managed, 24 x 7 Support
• Supports 3 devices per user

New NFR SKU
• New NFR (Not-For-Resale) SKU supporting Partner Testing, Training, demos and POCs
• FC1-10-EMS05-684-02-12
• License cannot be resold
• 50 Seats license
• 2 POPs
• 7-Day log retention

Q3 2023 Products & Pricing Update
Not-For-Resale License
FC1-10-EMS05-684-02-DD

• Your own FortiSASE instance that could be used for:
  • Internal enablement
  • External enablement. For example:
    • Disties can use it to train/provide HOL for partners or end customers in addition to the official Fast Track/NSE program today
    • Partners can use it to train/provide HOL to end customers.
  • Demo – demonstrate FortiSASE to customers

Cannot be resold


What can you do with the license?

• NFR license is just for the FortiSASE instance.
• Partners with only the FortiSASE NFR license would be able to demonstrate the following use cases:
  • Secure Internet Access for Remote Workers
    • Safe browsing from anywhere
  • Secure SaaS Access
    • Secure Access to Cloud apps and files

[Diagram: Internet, Management Plane, API-CASB, Inline CASB, ZTNA, SWG (Agentless), FWaaS (Agent, FortiClient)]


Things to consider

• SASE = SD-WAN + SSE (FWaaS, SWG, ZTNA, CASB)
• Additional products/licenses may be required:
  • Thin Edge = FortiExtender / FortiAP (Roadmap Q4)
  • Secure Edge (Roadmap Q4) = FortiGate HW connecting up to FortiSASE + Secure Edge License*
  • SPA = FortiGate HW or VM on-prem protecting local servers + SPA license*
  • ZTNA = FortiGate HW or VM acting as application gateway
• Talk to your CAM/BDM about the capability you want to have/build up to.


What assistance might be required

• Enablement
  • FortiSASE for SIA training
    • To get started with selling FortiSASE to Remote users but also integration with 3rd party SD-WAN
  • SD-WAN training – extensive NSE program today
  • FortiSASE 4D docs
• Demo environment setup
  • Channel SE should be engaged to give guidance based on our own experience
FortiCloud Multi-tenancy and FortiSASE
MSSP Portal - Overview

• From 23.2 FSS offers MSSP Portal which MSSPs can use to manage their end customers from a single console.
• MSSP Portal includes the following features: Monitoring, Access and Management of FSS tenants
• Based on FortiCloud IAM and OU structure! For details, see Organization Portal and Identity & Access Management (IAM).

MSSP Portal - Prerequisites

• FortiCloud Premium license (FC-15-CLDPS-219-02-02) needs to be activated on MSSP's FC account (root account)
• Organisation needs to be created at [Link] with respective OUs
• With the above two steps, MSSP Portal is automatically active and presented when logging in to FortiSASE portal

FortiSASE Secure SaaS Access Overview

• End to End SaaS visibility.

• Dedicated Egress IPs.

• Tenant Access Control.

• Application Control Enforcement.

• Flexible reporting & Data export.



API visibility using FortiCASB
Included with FortiSASE license
FortiCASB Portal Access

FortiSASE Portal Under FortiCloud Services



FortiCASB Multi-Tenancy

Define Business Units Enable SaaS APIs per BU



FortiCASB Data Protection

FortiGuard DLP Patterns Enable Protection Policy



Per SaaS App Policies

Threat Protection Policy Compliance Policy



Tenant Access Control
Approved SaaS resources only

Web Filtering Inline-CASB Header
• Supported for both Agent-based and SWG
• Needs Deep SSL Inspection
• Supports many apps such as Office 365, Google Workspace, Slack, etc.


Web Filtering Inline-CASB Header
• Confirm Tenant Restrictions
• Review FortiSASE Web Filtering Log


Dedicated Egress IPs
Enforce SaaS Access through FortiSASE

Enforcing Access through FortiSASE
• Confirm FortiSASE Egress IPs
• *Define FortiSASE IPs for Conditional Access

* In Azure, when approving login locations per country, FortiSASE IPs may sometimes appear to belong to US/Cal even though they physically reside in a DC in their respective country. Ignore this error; we are trying to fix the geo-location data Azure receives for our IPs.


Enforcing Access through FortiSASE
• Allow SaaS Apps Conditional Access
• Enforce visibility for unmanaged/disconnected users


Inline CASB Enforcement
FortiGuard Application Control

Control Files through FortiSASE
• Block, Monitor, Allow Company Apps
• Enforce Per User (Group) / Per Device Posture (ZTNA Tag)


Azure IDP Groups Discovery
• Configure FortiSASE SAML credential
• Configure Azure IDP secret and permissions


Reporting & Data export
Extract data in CSV and JSON format

Reporting & Data Extraction
• Fabric Integration with FortiAnalyzer/Log forwarding
• Direct Data extraction from different GUI portals