Download FCSS-FortiSASE 24 Administrator.FCSS_SASE_AD-24.VCEplus.2025-04-07.22q.vcex

To resolve internal hostnames using internal DNS servers for remotely connected endpoints, the following two components must be configured on FortiSASE:Split DNS Rules:Split DNS allows the configuration of specific DNS queries to be directed to internal DNS servers instead of public DNS servers.This ensures that internal hostnames are resolved using the organization's internal DNS infrastructure, maintaining privacy and accuracy for internal network resources.Split Tunneling Destinations:Split tunneling allows specific traffic (such as DNS queries for internal domains) to be routed through the VPN tunnel while other traffic is sent directly to the internet.By configuring split tunneling destinations, you can ensure that DNS queries for internal hostnames are directed through the VPN to the internal DNS servers.FortiOS 7.2 Administration Guide: Provides details on configuring split DNS and split tunneling for VPN clients.FortiSASE 23.2 Documentation: Explains the implementation and configuration of split DNS and split tunneling for securely resolving internal hostnames.

The unified FortiClient component of FortiSASE facilitates the always-on security measure required for ensuring that all remote user endpoints are always connected and protected.Unified FortiClient:FortiClient is a comprehensive endpoint security solution that integrates with FortiSASE to provide continuous protection for remote user endpoints.It ensures that endpoints are always connected to the FortiSASE infrastructure, even when users are off the corporate network.Always-On Security:The unified FortiClient maintains a persistent connection to FortiSASE, enforcing security policies and protecting endpoints against threats at all times.This ensures compliance with the cybersecurity policy requiring constant connectivity and protection for remote users.FortiOS 7.2 Administration Guide: Provides information on configuring and managing FortiClient for endpoint security.FortiSASE 23.2 Documentation: Explains how FortiClient integrates with FortiSASE to deliver always-on security for remote endpoints.

Zero Trust Network Access (ZTNA) private access provides the most efficient and secure method for remote users to access a TCP-based application hosted on a private web server. ZTNA ensures that only authenticated and authorized users can access specific applications based on predefined policies, enhancing security and access control.Zero Trust Network Access (ZTNA):ZTNA operates on the principle of 'never trust, always verify,' continuously verifying user identity and device security posture before granting access.It provides secure and granular access to specific applications, ensuring that remote users can securely access the TCP-based application hosted on the private web server.Secure and Efficient Access:ZTNA private access allows remote users to connect directly to the application without needing a full VPN tunnel, reducing latency and improving performance.It ensures that only authorized users can access the application, providing robust security controls.FortiOS 7.2 Administration Guide: Provides detailed information on ZTNA and its deployment use cases.FortiSASE 23.2 Documentation: Explains how ZTNA can be used to provide secure access to private applications for remote users.

The Secure Internet Access (SIA) use case that minimizes individual workstation or device setup is SIA for agentless remote users. This use case does not require installing FortiClient on endpoints or configuring explicit web proxy settings on web browser-based endpoints, making it the simplest and most efficient deployment.SIA for Agentless Remote Users:Agentless deployment allows remote users to connect to the SIA service without needing to install any client software or configure browser settings.This approach reduces the setup and maintenance overhead for both users and administrators.Minimized Setup:Without the need for FortiClient installation or explicit proxy configuration, the deployment is straightforward and quick.Users can securely access the internet with minimal disruption and administrative effort.FortiOS 7.2 Administration Guide: Details on different SIA deployment use cases and configurations.FortiSASE 23.2 Documentation: Explains how SIA for agentless remote users is implemented and the benefits it provides.

FortiSASE brings the following advantages to businesses with multiple branch offices:Centralized Management for Simplified Administration:FortiSASE provides a centralized management platform that allows administrators to manage security policies, configurations, and monitoring from a single interface.This simplifies the administration and reduces the complexity of managing multiple branch offices.Eliminates the Need for On-Premises Firewalls:FortiSASE enables secure access to the internet and cloud applications without requiring dedicated on-premises firewalls at each branch office.This reduces hardware costs and simplifies network architecture, as security functions are handled by the cloud-based FortiSASE solution.FortiOS 7.2 Administration Guide: Provides information on the benefits of centralized management and cloud-based security solutions.FortiSASE 23.2 Documentation: Explains the advantages of using FortiSASE for businesses with multiple branch offices, including reduced need for on-premises firewalls. 

When accessing the FortiSASE portal for the first time, an administrator must select data center locations for the following FortiSASE components:Endpoint Management:The data center location for endpoint management ensures that endpoint data and policies are managed and stored within the chosen geographical region.Points of Presence (PoPs):Points of Presence (PoPs) are the locations where FortiSASE services are delivered to users. Selecting PoP locations ensures optimal performance and connectivity for users based on their geographical distribution.Logging:The data center location for logging determines where log data is stored and managed. This is crucial for compliance and regulatory requirements, as well as for efficient log analysis and reporting.FortiOS 7.2 Administration Guide: Details on initial setup and configuration steps for FortiSASE.FortiSASE 23.2 Documentation: Explains the importance of selecting data center locations for various FortiSASE components.

The issue of an almost empty daily summary report in FortiSASE can often be traced back to how logging is configured within the system. Specifically, if 'Log Allowed Traffic' is set to 'Security Events' for all policies, it means that only security-related events (such as threats or anomalies) are being logged, while normal, allowed traffic is not being recorded. Since most traffic in a typical network environment is allowed, this configuration would result in very little data being captured and subsequently reported in the daily summary.Here's a breakdown of why the other options are less likely to be the cause:B . There are no security profile groups applied to all policies: While applying security profiles is important for comprehensive protection, their absence does not directly affect the volume of data in reports unless specific logging settings are also misconfigured.C . The web filter security profile is not set to Monitor: This option pertains specifically to web filtering activities. Even if web filtering is not set to monitor mode, other types of traffic and logs should still populate the report.D . Digital experience monitoring is not configured: Digital Experience Monitoring (DEM) focuses on user experience metrics rather than general traffic logging. Its absence would not lead to an almost empty report.To resolve this issue, administrators should review the logging settings across all policies and ensure that 'Log Allowed Traffic' is appropriately configured to capture the necessary data for reporting purposes.Fortinet FCSS FortiSASE Documentation - Reporting and Logging Best PracticesFortiSASE Administration Guide - Configuring Logging Settings