Inline CASB
The inline CASB security profile enables the FortiGate to perform granular control over SaaS applications directly on firewall policies. The supported controls include:
Control |
Description |
---|---|
Privilege control |
Specify the action to apply to user activities per application such as upload, download, share, delete, log in, and so on. See Privilege control for an example. |
Safe search |
On SaaS applications that support searching, enable and select the level of safe search. See Safe search for an example. |
Tenant control |
Allow only users belonging to specific domains to access the SaaS application. See Tenant control for an example. |
UTM bypass |
For each user activity, bypass further UTM scanning any of the following security profiles:
See UTM bypass for an example. |
Administrators can customize their own SaaS applications, matching conditions, and custom controls and actions.
A firewall policy must use proxy-based inspection with a deep inspection SSL profile to apply the inline CASB profile and scan the traffic payload.
Inline CASB can be applied to a firewall policy or a proxy policy.
This feature is not supported on FortiGate models with 2 GB RAM or less. See Proxy-related features not supported on FortiGate 2 GB RAM models NEW for more information.
The Inline-CASB Application Definitions entitlement is licensed under the basic firmware and updates contract. To view the entitlement information, go to System > FortiGuard and expand the Firmware & General Updates section in the License Information table. |
To enable inline CASB security profiles in the GUI:
-
Go to System > Feature Visibility.
-
Enable Inline-CASB in the Security Features section.
-
Click Apply.
See Inline CASB examples for sample configurations.