Scribd
Upload
1K views73 pages

FortiSASE - Training

Uploaded by

pablollfreitas
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
1K views73 pages

FortiSASE - Training

Uploaded by

pablollfreitas
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 73

Diego Marcusso – Sr.

Systems Engineer
Rafael Claudio – Systems Engineer

Apoio:

Created by:
Diego Marcusso
Rafael Claudio
Agenda

• Introdução sobre SASE

• Evolução de SD-WAN, ZTNA e SASE

• Arquitetura

• Principais funcionalidades

• Explicação de Casos de Uso

• Criação de BoM

• Kahoot

• Laboratório prático

© Fortinet Inc. All Rights Reserved. 2


SASE Market
SASE Trends

By 2025, 50% of new SD-WAN purchases will be


part of a single-vendor SASE offering, up from 10%
in 2022.

By 2025, one-third of new SASE deployments will


be based on a single-vendor SASE offering, up
from 10% in 2022.

Source
https://www.gartner.com/doc/reprints?id=1-2BE2MYZL&ct=221012&st=sb&submissionGuid=fe2094f3-1bd1-4fcd-a29f-c70fef180ddb

© Fortinet Inc. All Rights Reserved. 4


Gartner Magic Quadrant

Feb. 2023 Magic Quadrant™ for Security Nov. 2022 Magic Quadrant™ for Network Sep. 2022 Magic Quadrant™ for SD-WAN
Service Edge Firewalls

© Fortinet Inc. All Rights Reserved. 5


Gartner Recognizes Fortinet as Single-Vendor SASE

FortiSASE

Gartner - 10 April 2023


Magic Quadrant for Security Service Edge
Honorable Mentions

Fortinet: Fortinet provides a cloud-delivered SWG, CASB and ZTNA via ForitSASE and a universal ZTNA offering based on its next-generation
firewall (NGFW) acting as an in-line proxy. Fortinet has a large globally diverse client base. We excluded Fortinet because
as of 1 September 2022, it did not meet Gartner’s required minimum points of presence globally for direct customers of FortiSASE.
© Fortinet Inc. All Rights Reserved. 6
Why? How?

SASE
Too Many Security Acronysm

NGFWaaS SD-WAN SWG SASE CASB WAF CSPM C&C


DevSecOps

DLP IPS IAM 2FA VPN


ZTNA DAST SAST DDoS

XDR NDR Cloud FW IR&R SSL


Web CloudSec DNSSec Sandbox
Filter Decryption

© Fortinet Inc. All Rights Reserved. 8


In the Beginning

Branch

Applications
Users
On Network MPLS
FortiGuard
DLP
Web
IPS Filtering

SSL
Decryption Anti-
Virtus
Advanced User
Threat Security
Protection

Internet

© Fortinet Inc. All Rights Reserved. 9


Dual-MPLS

Branch
MPLS

Applications
Users
On Network MPLS
FortiGuard
DLP
Web
IPS Filtering

SSL
Decryption Anti-
Virtus
Advanced User
Threat Security
Protection

Internet

© Fortinet Inc. All Rights Reserved. 10


SD-WAN – Internet as WAN
Secure SD-WAN:
• Intelligent Routing
• Zero Touch Provisining
• QoE
• Application Resilience
• Cloud On Ramp
• Integrated Advanced Security

Branch
MPLS

Internet-VPN Applications
Users
On Network
FortiGuard
DLP
Web
IPS Filtering

SSL
Decryption Anti-
Virtus
Advanced User
Threat Security
Protection

Internet

© Fortinet Inc. All Rights Reserved. 11


Extending security to remote branches
Secure SD-WAN:
• Intelligent Routing
• Zero Touch Provisining
• QoE
• Application Resilience
• Cloud On Ramp
• Integrated Advanced Security

Branch
MPLS

Internet-VPN Applications
Users
On Network
FortiGuard
DLP
Web
IPS DLP
IPS Filtering
SSL
Decryption SSL
Decryption Anti-
Virtus
Advanced User
Threat
Anti- Security
Web Protection
Virtus
Filtering

FortiGuard User
Advanced
Security
Threat
Protection

Internet

© Fortinet Inc. All Rights Reserved. 12


SaaS Application – Direct Internet Access
Secure SD-WAN:
• Intelligent Routing
• Zero Touch Provisining
• QoE
• Application Resilience
• Cloud On Ramp
• Integrated Advanced Security

Branch
MPLS

Internet-VPN Applications
Users
On Network
FortiGuard
DLP
DIA Web
IPS DLP
IPS Filtering
SSL
Decryption SSL
Decryption Anti-
Virtus
Advanced User
Threat
Anti- Security
Web Protection
Virtus
Filtering

FortiGuard User
Advanced
Security
Threat
Protection

Internet SaaS

© Fortinet Inc. All Rights Reserved. 13


Multi-Cloud Adoption
Apps Apps Apps

Branch
MPLS

Internet-VPN Applications
Users
On Network
FortiGuard
DLP
DIA Web
IPS DLP
IPS Filtering
SSL
Decryption SSL
Decryption Anti-
Virtus
Advanced User
Threat
Anti- Security
Web Protection
Virtus
Filtering

FortiGuard User
Advanced
Security
Threat
Protection

Internet SaaS

© Fortinet Inc. All Rights Reserved. 14


Zero-Trust Network Access
Apps Apps Apps
HTTP/HTTPS application only

Users
Agentless

Cloud-Based or on-premises applications


Users
Client-Based
Data Center
Branch

Applications
Users
On Network
FortiGuard

DIA DLP
Web
IPS DLP
IPS Filtering
SSL
Decryption SSL
Decryption Anti-
Virtus
Advanced User
Threat
Anti- Security
Web Protection
Virtus
Filtering

FortiGuard User
Advanced
Security
Threat
Protection

Internet SaaS

© Fortinet Inc. All Rights Reserved. 15


SASE
Apps Apps Apps

Users
Agentless

IPS DLP
SSL
Users Decryption
Client-Based CASB Data Center
Branch SWG
Web Anti-
Filtering Virtus
Internet-VPN
FortiSASE
Cloud- Use Security Applications
Users Advanced
FWaaS SDWAN
On Network
Managed Threat ZTNA
Protection FortiGuard FortiGuard
DLP
Web
IPS DLP
IPS Filtering
SSL
Decryption SSL
Decryption Anti-
Virtus
Advanced User
Threat
Anti- Security
Web Protection
Virtus
Filtering

FortiGuard User
Advanced
Security
Threat
Protection

Internet SaaS

© Fortinet Inc. All Rights Reserved. 16


What is SSE (Secure Service Edge)?
SSE is focused primarily on security services

Cloud-delivered Security

FWaaS/SWG
ZTNA
DLP (optional)
SSE CASB
Browser Isolation (optional)

Secure Service Edge (SSE)

© Fortinet Inc. All Rights Reserved. 17


What is SASE (Secure Access Service Edge)?
Cloud-delivered network and security convergence solution for work-from-anywhere
Networking Cloud-delivered Security

FWaaS/SWG
ZTNA
SD-WAN DLP (optional)
CASB
SASE Browser isolation (optional)

Secure Service Edge (SSE)

© Fortinet Inc. All Rights Reserved. 18


Convergence of On-Prem and Remote Users Network

Single-vendor
SASE Benefits
Single-
Vendor SASE • Improved risk posture
On-prem Remote Users
Simplicity and reduced security gaps
NGFW Cloud-Delivered
SD-WAN
Consistent Security Security • Provide simplicity
Better User eliminating multiple products
Experience • Efficient operations
with single agent
• Cost savings from product
and vendor reduction

© Fortinet Inc. All Rights Reserved. 19


Fortinet FortiSASE
Cloud-delivered security with AI-powered security services for work-from-anywhere

Securing Remote Users Cloud-delivered Security & Networking Improved User Experience

Secure SaaS Access

Cloud CASB
Managed

SWG Secure Internet Access


SASE

Web
FWaaS

Unified Agent SD-WAN Secure Private Access


AI-Powered
Security
ZTNA
Data Center

© Fortinet Inc. All Rights Reserved. 20


Key Customer Initiatives for SASE

Branch
Transformation
Router Secure SD-WAN

Proxy
Replacement
On-prem proxy Cloud proxy

Secure Remote
Access
SASE
Legacy VPN Zero-trust

© Fortinet Inc. All Rights Reserved. 21


FortiSASE
Data Center

• FortiSASE offers comprehensive security solution for remote


workers - "Work from Anywhere" Internet

• FortiSASE offers central management of the entire security


stack including ZTNA with a simple to navigate user interface NGFW
and best practices configuration
Device Security
• FortiClient agent or PAC files are utilized to connect remote FortiSASE
Cloud Managed
users to FortiSASE Cloud for security inspection
Content Security
• FortiSASE supports remote user authentication along with
SAML SSO
Integrated
• FortiSASE Thin Edge extends the security services to remote ZTNA
SWG Web Security
branches utilizing FortiExtender

• All security inspection for endpoint traffic will be performed in


the cloud including:
• Integrated ZTNA with device posture check & continuous user
verification
• IPS, AV, Web Filtering, DLP, File Filter, and App Control
Explicit Proxy Redirection
• SSL Inspection FortiClient
• Malware Scanning with integrated Cloud or on-premises Sandbox
• FortiClient agent offers endpoint security, USB device control,
application firewall and ransomware protection

© Fortinet Inc. All Rights Reserved. 22


FortiSASE Key Features
FortiSASE Point of Presence (PoP)

• Used for traffic inspection


• Each customer selects 4 PoPs
• Fortinet has several POPs around the
world and is constantly creating new
ones

https://status.fortisase.com/

© Fortinet Inc. All Rights Reserved. 24


DNS based in Geographical Location
• Connect FortiSASE remote users to the closest
PoP/data center for which they are licensed

• It uses GeoDNS approach => NOT Anycast

• Fortinet solution is based in AWS Route53


(there are other providers in the market)

turbo-customerB.edge.prod.fortisase.com

• Each end customer uses a different FQDN that will


be resolved by DNS to a different IP based on: turbo-customerA.edge.prod.fortisase.com

• Customer entitlement/PoP
• Customer A uses PoPs in Burnaby, Ottawa, Sophia, London

• Customer B uses PoPs in Tokyo, Frankfurt, Sophia, London

• User’s geographical location

(note a “end customer” is typically an MSSP/enterprise while “remote users” are


© Fortinet Inc. All Rights Reserved. 25
the actual final users of the security service provided by FortiSASE)
Dashboard Overview
• Checking live status updates,
including outages for security
PoPs from the Asset Map.
• Locate Asset either pop or user
• Monitoring application
bandwidth usage through a
dashboard widget.

© Fortinet Inc. All Rights Reserved. 27


FortiSASE Components

Endpoint FortiSASE (FortiOS based)


• Agent-based: FortiClient • IPS, AV, Web Filtering, DLP, File Filter, and App Control
• Endpoint Management Service
based on FortiClient EMS • SSL inspection
• FortiClient Cloud fabric connector • ZTNA
• Agentless: Web browser-based device • SPA
• SSA

© Fortinet Inc. All Rights Reserved. 28


FortiSASE Endpoint Modes

• Endpoints connect to FortiSASE through


an always-up VPN connection using
FortiClient. In endpoint mode, you can
also configure zero trust network access.

• In secure web gateway (SWG) mode,


users configure FortiSASE as a SWG
server on their device at the OS level or
in a browser

© Fortinet Inc. All Rights Reserved. 29


Profiles – General
Internet Access or Private Access. Profile groups can be configurated for granular set or rules.

• Security Profiles for Internet Access


• Can be used for granular access control.
Ex.: SIA for different user groups
• We can manipulate each security profile
according our needs for the specific user
groups.

© Fortinet Inc. All Rights Reserved. 30


Profiles – General

• Security Profile for Private Access


• Can be used for granular control of user
groups (example).
• We can manipulate according our needs
for the specific user group.

© Fortinet Inc. All Rights Reserved. 31


Profiles – Web Filter
Web Filtering can protect your network by blocking access to malicious, hacked, or inappropriate
websites.

• We can customize the filters


• Inline-CASB Headers are fully
configurable
• It’s possible to check threat logs and
general logs generated by the profile
from the configuration tab

© Fortinet Inc. All Rights Reserved. 32


Profiles – Web Filter
Customization View
• Same GUI of FortiGate
• Same options as: FortiGuard
Categories, URL Filter, Content Filter.
• Web Interface Inline-CASB Header
configuration

© Fortinet Inc. All Rights Reserved. 33


Profiles – DNS Filter
DNS filter secures your network by blocking access to a certain domain or a category of domains.
• Not supported for SWG traffic
• Blocks C&C domains. 80.000 domains in
botnet package
• It’s possible to check threat logs and
general logs generated by the profile
from the configuration tab
• Domain Filter
• Allows you to define your own domain list to
block or allow.
• Takes precedence of FortiGuard categories.

• DNS Translation
• Maps the resolved result to another IP
address that you have defined.

© Fortinet Inc. All Rights Reserved. 34


FortiCASB & Inline CASB

API-based CASB (FortiCASB)

API-based CASB is a cloud-native cloud access security


broker (CASB) service that provides visibility, compliance,
data security, and threat protection for cloud applications.
It enables deep inspection and policy management for
data stored in SaaS and IaaS applications.

Inline CASB with ZTNA and SASE

The FortiGate ZTNA access proxy can be configured to


act as an inline CASB by providing access control to SaaS
traffic using ZTNA access control rules.
FortiSASE uses application control and SSL deep
inspection to act as an inline CASB.

© Fortinet Inc. All Rights Reserved. 35


Profiles – App Control With In-line CASB
FortiSASE can recognize network traffic generated by a large number of applications. Network
traffic is analyzed to detect application traffic, even if the traffic uses non-standard ports or
protocols.

• Application Categories
• Application Overrides
• Customizable Categories

© Fortinet Inc. All Rights Reserved. 36


Profiles – SSL Inspection
SSL inspection is the key used to unlock encrypted sessions, see into encrypted packets, find
threats, and block them.

• Certificate Inspection and Deep


Inspection
• DPI available for SWG
• DPI is required for Split DNS and Inline-
CASB functionality (App Control and
Web Filtering
• Exempt hosts or categories

© Fortinet Inc. All Rights Reserved. 37


Profiles – SSL Inspection
SSL inspection is the key used to unlock encrypted sessions, see into encrypted packets, find
threats, and block them.

• Import your own certificate for SSL


Inspection

© Fortinet Inc. All Rights Reserved. 38


Profiles – File Filter
File Filter allows you to block or monitor specific file types.

• Block or monitor specific file types


• Inspection is based on file type only, not
on file content

© Fortinet Inc. All Rights Reserved. 39


Profiles – Data Leak Prevention
Data Leak Prevention prevents sensitive data from leaving or entering your network.

• Add filters based on predetermined


content patterns or customize your own
Regular Expression.
• Actions: Allow, Block or Monitor
• Protocols: SMTP, POP3, IMAP, NNTP
and HTTP-POST

© Fortinet Inc. All Rights Reserved. 40


Profiles – AntiVirus

• Traffic matching the following protocols


will be inspected: CIFS, SMTP, POP3,
IMAP, FTP and HTTP.

© Fortinet Inc. All Rights Reserved. 41


Profiles – Instrusion Prevention
Intrusion Prevention System technology protects your network from cybercriminal attacks by
actively seeking and blocking external threats before they can reach potentially vulnerable network
devices.

• Three profiles:
• Recommended - Scans traffic for all known
threats and applies the recommended action.
• Critical - Scans traffic for critical threats and
blocks them.
• Monitor - Scans traffic for threats but does not
apply any action. Primarily used for logging.

© Fortinet Inc. All Rights Reserved. 42


Profiles – Sandboxing
• Two options available:
• FortiSASE Sandbox
• Standalone FortiSandbox to configure
connection to an on-premise standalone
FortiSandbox

• Exclude files signed by trusted sources


from FortiSandbox submission. Following
is a list of sources that FortiSandbox
trusts:
• Microsoft, Fortinet, Mozilla, Windows, Google,
Skype, Apple,Yahoo!, Intel

• This feature only works for endpoints


where Sandbox Detection was enabled
when installing FortiClient.

© Fortinet Inc. All Rights Reserved. 43


Policies
Policies control where the traffic goes, how FortiSASE processes it, and whether FortiSASE allows
it to pass through.
• Two policy types:
• VPN Policies
• SWG Policies

• Granular policies filtered by users, user


groups, services, all internet traffic or
ISDB, profile groups.
• It’s possible to use ZTNA TAGs to
control access checking machine
ZTNA TAGs and conditions
User Groups

© Fortinet Inc. All Rights Reserved. 44


Policies
Policies control where the traffic goes, how FortiSASE processes it, and whether FortiSASE allows
it to pass through.

© Fortinet Inc. All Rights Reserved. 45


Authentication Sources and Access
In Authentication Sources and Access, you can control network access for different users and
devices in your network. FortiSASE authentication controls system access by user group

• LDAP - Configure remote users over LDAP to


easily integrate FortiSASE with a Windows
Active Directory (AD) server or another LDAP
server.
• RADIUS - Configure remote authentication
with a RADIUS server. You can allow all users
from the IdP or define a group.
• Single sign on (SSO) - Configure an SSO
connection with an authentication server such
as Azure AD or Okta, where Azure AD or Okta
is the identity provider (IdP) and FortiSASE is
the service provider (SP).
• Local

© Fortinet Inc. All Rights Reserved. 46


Client Onboarding
How a user connects depends on if their endpoint is managed by FortiClient or not. Managed
endpoints connect using VPN. Agentless users connect using Secure Web Gateway.
Invitation Code - This is the code to input into
FortiClient to allow managed users to be
automatically provisioned to connect to
FortiSASE.

Preconfigured FortiClient Installers - These


installers are preconfigured with your
FortiSASE invitation code.

Generic FortiClient Installers -


These installers are publicly available installers
that do not come preconfigured with your
FortiSASE invitation code.

Invite Users - Click + to add a blank field


where you can enter the email address of the
managed endpoint users to onboard to
FortiSASE.
© Fortinet Inc. All Rights Reserved. 47
Secure Private Access (SPA) - SD-WAN and IPSec

• FortiSASE supports secure private access


(SPA) using SD-WAN or SPA using a next
generation firewall converted to a standalone
FortiSASE SPA hub.

• It forms a traditional hub-and-spoke topology


that supports the Fortinet autodiscovery VPN
(ADVPN) configuration.

• The PoPs acts as a spokes

• FortiSASE remote users may access private


resources behind FortiGate hub(s) directly
through FortiSASE to hub(s) IPsec tunnels. If
a private resource is behind an organization’s
spoke device, they may connect directly to
that resource through an on-demand

© Fortinet Inc. All Rights Reserved. 48


ZTNA Access Proxies

ZTNA
Never trust,
Access Proxy
always verify
Cloud

Client Web App 1


Access Proxy
File Share
Identify users,
Posture Tags
validate devices
Web App 2
ON/OFF
Network RDP

Secure just
Data Center enough access

Continuous Trust Check

Access Specific Applications


ZTNA Policy Continuous
User Contextual Rule Set posture re-evaluation
DC Independent

© Fortinet Inc. All Rights Reserved. 49


Analytics - FortiView
The following FortiView monitors are available in FortiSASE:

You can create and modify a custom monitor

© Fortinet Inc. All Rights Reserved. 50


Analytics - Reports
Reports and logs are useful components to help you understand what is happening on your
network, and to inform you about network activities, such as a virus detection, visit to an invalid
website, intrusion, failed login attempt, and others.

© Fortinet Inc. All Rights Reserved. 51


Analytics – External Log Server
Traffic Logs

Security Logs

Local data can be retained for up to 90 days

External log server

© Fortinet Inc. All Rights Reserved. 52


Use Cases
USE CASE 1

Secure Internet Access (SIA) for Remote Users

Internet
Safe browsing from anywhere

Malware & ransomware prevention


Continuously assess the risks and automatically
respond to counter known and unknown threats
Management Plane

Deep inspection of end-user activity


Constant inspection of web activity for threats,
SWG FWaaS even when using secured HTTPS access

Market Leading Security as a Service


Fortinet best-in-class Cloud security efficacy
Agentless Agent powered by FortiGuard Labs

FortiClient

© Fortinet Inc. All Rights Reserved. 54


Security Configuration - One Enforcement Location

2 3

1 Simplified FOS
Security from
1
single pane

2 Default profiles
available for fast
consumption
z

3 Web and Private


App visibility
4
4 Security profiles
can be customized

© Fortinet Inc. All Rights Reserved. 55


USE CASE 2

Flexible Secure Private Access (SPA)

Internet
Apps Secure corporate app access
DCs/Cloud

FGT Secure Cloud & datacenter app access


Anywhere secure access to corporate apps
Management
for asset protection and compliance
Plane

Apps
ZTNA SD-WAN
HQs/Branches
Highly granular Access Control
Context-based zero-trust access enforcement,
FGT
app based and adaptive with AI/ML
SWG FWaaS

On-prem SD-WAN integration


Superior user experience with full integration
Agentless Agent with Fortinet SD-WAN architecture

FortiClient

© Fortinet Inc. All Rights Reserved. 56


SPA with SD-WAN

Private
Apps
SD-WAN Private Access
Data Center

Management
Plane
Augment to existing SD-WAN

ZTNA SD-WAN

Private
Apps Intelligent routing & steering
SWG FWaaS
Data Center

Broader app support


(UDP-based VoIP, video, UC)

Agent

FortiClient

© Fortinet Inc. All Rights Reserved. 57


FortiSASE SPA
Bridge to securely connect remote users to their private applications

SD-WAN
Datacenters

Available
PoPs

Remote
User

© Fortinet Inc. All Rights Reserved. 58


SPA with ZTNA

Private
Apps Enabling Universal ZTNA
DCs/Cloud

App Gateway
Cloud provisioned
ZTNA connections
FWaaS Management
Plane
Private
Apps Device attributes, user info,
posture-based security
HQs/Branches
SWG ZTNA
App Gateway
Granular per-session
posture checks

Continuous posture
Agent re-assessment

FortiClient

© Fortinet Inc. All Rights Reserved. 59


USE CASE 3

Secure SaaS Access (SSA) for Visibility and Control

Internet Secure Access to Cloud apps and files

Cloud App Access Control


API-CASB
Safe Cloud Application access and blocking
of malicious apps with in-line CASB feature

IL-CASB Management
Plane

Deep control & view of apps content


Control over app content and files with API-based
FWaaS CASB for enhanced security and threat detection
SWG

Unified agent for anywhere detection


FortiClient Agent covers all the use-cases
Agentless Agent from SASE, Zero-trust, SaaS security,
and End-Point Protection
FortiClient

© Fortinet Inc. All Rights Reserved. 60


FortiSASE - The Fortinet Advantage

Secure Adaptive Simple Efficient

Users Context-based Single agent Best-in-class


— security — —
Endpoints — Configuration High performance
— AI-powered threat — —
Applications detection Management Integration

© Fortinet Inc. All Rights Reserved. 61


BoM
FortiSASE Licensing

© Fortinet Inc. All Rights Reserved. 63


Differentiators
Differentiators

• Simplified license
• Per user (3) or endpoints
• Bandwidth

• SD-WAN and NGFW market leader

• SD-WAN on SASE

• Simplified integration with on-premises

• Leverage existing customer base

© Fortinet Inc. All Rights Reserved. 65


Consulting Services
Cloud Consulting Services
Cloud Data Center Internet/SaaS
Cloud Consulting
• Create a hybrid network and
security solution
• Blueprint for SASE transformation
• Align stakeholders around the
most urgent and impactful ZTNA
initiatives FortiSASE Device Security
Cloud Managed

• Strategy to move forward towards


Content Security
SASE/ZTNA
Web Security
• Implementation plan

Network Edge Remote Users


© Fortinet Inc. All Rights Reserved. 67
Cloud Consulting Services
Cloud Data Center Internet/SaaS
Cloud Consulting
• Create a hybrid network and
security solution
• Blueprint for SASE transformation
• Align stakeholders around the
most urgent and impactful ZTNA
initiatives FortiSASE Device Security
Cloud Managed

• Strategy to move forward towards


Cloud Consulting Content Security
SASE/ZTNA
Web Security
• Implementation plan

Network Edge Remote Users


© Fortinet Inc. All Rights Reserved. 68
Cloud Consulting Services
Cloud Data Center Internet/SaaS
Cloud Consulting
• Create a hybrid network and
security solution
• Blueprint for SASE transformation
• Align stakeholders around the SPA SDWAN
Cloud Consulting
most urgent and impactful ZTNA
initiatives FortiSASE Device Security
Cloud Managed

• Strategy to move forward towards


Cloud Consulting Content Security
SASE/ZTNA
Web Security
• Implementation plan

Network Edge Remote Users


© Fortinet Inc. All Rights Reserved. 69
Cloud Consulting Services
Cloud Data Center Internet/SaaS
Cloud Consulting
• Create a hybrid network and
security solution
• Blueprint for SASE transformation
• Align stakeholders around the SPA SDWAN
Cloud Consulting
most urgent and impactful ZTNA
initiatives FortiSASE Device Security
Cloud Managed

• Strategy to move forward towards


Cloud Consulting Content Security
SASE/ZTNA
Web Security
• Implementation plan

Policy Migration

Network Edge Cloud Consulting Remote Users


© Fortinet Inc. All Rights Reserved. 70
Cloud Consulting Services
Cloud Data Center Internet/SaaS
Cloud Consulting
• Create a hybrid network and
security solution
• Blueprint for SASE transformation
• Align stakeholders around the SPA SDWAN
Cloud Consulting
most urgent and impactful ZTNA
initiatives FortiSASE Device Security
Cloud Managed

• Strategy to move forward towards


Cloud Consulting Content Security
SASE/ZTNA
Web Security
• Implementation plan

ZTNA Policy
Policy Migration

Cloud Consulting
Network Edge Cloud Consulting Remote Users
© Fortinet Inc. All Rights Reserved. 71
LAB
Access to Lab – Instances Assignment
Use the following link to assign HOL Instance:
https://fndn.fortinet.net/cse

• Passphrase: SASE-SP1

• LAB GUIDE
Compartilhamento Canais
Password: wYxpDi5w
https://fortinet.egnyte.com/fl/Z0aAle7ecA

© Fortinet Inc. All Rights Reserved. 73

You might also like