Fortinet white logo
Fortinet white logo

Administration Guide

Inline CASB

Inline CASB

The inline CASB security profile enables the FortiGate to perform granular control over SaaS applications directly on firewall policies. The supported controls include:

Control

Description

Privilege control

Specify the action to apply to user activities per application such as upload, download, share, delete, log in, and so on.

See Privilege control for an example.

Safe search

On SaaS applications that support searching, enable and select the level of safe search.

See Safe search for an example.

Tenant control

Allow only users belonging to specific domains to access the SaaS application.

See Tenant control for an example.

UTM bypass

For each user activity, bypass further UTM scanning any of the following security profiles:

  • Antivirus
  • DLP
  • File filter
  • Video filter
  • Web filter

See UTM bypass for an example.

Administrators can customize their own SaaS applications, matching conditions, and custom controls and actions.

A firewall policy must use proxy-based inspection with a deep inspection SSL profile to apply the inline CASB profile and scan the traffic payload.

Inline CASB can be applied to a firewall policy or a proxy policy.

This feature is not supported on FortiGate models with 2 GB RAM or less. See Proxy-related features not supported on FortiGate 2 GB RAM models for more information.

Note

The Inline-CASB Application Definitions entitlement is licensed under the basic firmware and updates contract. To view the entitlement information, go to System > FortiGuard and expand the Firmware & General Updates section in the License Information table.

To enable inline CASB security profiles in the GUI:
  1. Go to System > Feature Visibility.

  2. Enable Inline-CASB in the Security Features section.

  3. Click Apply.

See Inline CASB examples for sample configurations.

Inline CASB

Inline CASB

The inline CASB security profile enables the FortiGate to perform granular control over SaaS applications directly on firewall policies. The supported controls include:

Control

Description

Privilege control

Specify the action to apply to user activities per application such as upload, download, share, delete, log in, and so on.

See Privilege control for an example.

Safe search

On SaaS applications that support searching, enable and select the level of safe search.

See Safe search for an example.

Tenant control

Allow only users belonging to specific domains to access the SaaS application.

See Tenant control for an example.

UTM bypass

For each user activity, bypass further UTM scanning any of the following security profiles:

  • Antivirus
  • DLP
  • File filter
  • Video filter
  • Web filter

See UTM bypass for an example.

Administrators can customize their own SaaS applications, matching conditions, and custom controls and actions.

A firewall policy must use proxy-based inspection with a deep inspection SSL profile to apply the inline CASB profile and scan the traffic payload.

Inline CASB can be applied to a firewall policy or a proxy policy.

This feature is not supported on FortiGate models with 2 GB RAM or less. See Proxy-related features not supported on FortiGate 2 GB RAM models for more information.

Note

The Inline-CASB Application Definitions entitlement is licensed under the basic firmware and updates contract. To view the entitlement information, go to System > FortiGuard and expand the Firmware & General Updates section in the License Information table.

To enable inline CASB security profiles in the GUI:
  1. Go to System > Feature Visibility.

  2. Enable Inline-CASB in the Security Features section.

  3. Click Apply.

See Inline CASB examples for sample configurations.