Free Fortinet FCSS_SASE_AD-23 Exam Actual Questions

The questions for FCSS_SASE_AD-23 were last updated on Nov 17, 2024

Question No. 1

When viewing the daily summary report generated by FortiSASE, the administrator notices that the report contains very little data. What is a possible explanation for this almost empty report?

Correct Answer: B

If the daily summary report generated by FortiSASE contains very little data, one possible explanation is that the 'Log allowed traffic' setting is configured to log only 'Security Events' for all policies. This configuration limits the amount of data logged, as it only includes security events and excludes normal allowed traffic.

Log Allowed Traffic Setting:

The 'Log allowed traffic' setting determines which types of traffic are logged.

When set to 'Security Events,' only traffic that triggers a security event (such as a threat detection or policy violation) is logged.

Impact on Report Data:

If the log setting excludes regular allowed traffic, the amount of data captured and reported is significantly reduced.

This results in reports with minimal data, as only security-related events are included.


FortiOS 7.2 Administration Guide: Provides details on configuring logging settings for traffic policies.

FortiSASE 23.2 Documentation: Explains the impact of logging configurations on report generation and data visibility.

Question No. 2

To complete their day-to-day operations, remote users require access to a TCP-based application that is hosted on a private web server. Which FortiSASE deployment use case provides the most efficient and secure method for meeting the remote users' requirements?

Correct Answer: C

Zero Trust Network Access (ZTNA) private access provides the most efficient and secure method for remote users to access a TCP-based application hosted on a private web server. ZTNA ensures that only authenticated and authorized users can access specific applications based on predefined policies, enhancing security and access control.

Zero Trust Network Access (ZTNA):

ZTNA operates on the principle of 'never trust, always verify,' continuously verifying user identity and device security posture before granting access.

It provides secure and granular access to specific applications, ensuring that remote users can securely access the TCP-based application hosted on the private web server.

Secure and Efficient Access:

ZTNA private access allows remote users to connect directly to the application without needing a full VPN tunnel, reducing latency and improving performance.

It ensures that only authorized users can access the application, providing robust security controls.


FortiOS 7.2 Administration Guide: Provides detailed information on ZTNA and its deployment use cases.

FortiSASE 23.2 Documentation: Explains how ZTNA can be used to provide secure access to private applications for remote users.

Question No. 3

When accessing the FortiSASE portal for the first time, an administrator must select data center locations for which three FortiSASE components? (Choose three.)

Correct Answer: A, B, D

When accessing the FortiSASE portal for the first time, an administrator must select data center locations for the following FortiSASE components:

Endpoint Management:

The data center location for endpoint management ensures that endpoint data and policies are managed and stored within the chosen geographical region.

Points of Presence (PoPs):

Points of Presence (PoPs) are the locations where FortiSASE services are delivered to users. Selecting PoP locations ensures optimal performance and connectivity for users based on their geographical distribution.

Logging:

The data center location for logging determines where log data is stored and managed. This is crucial for compliance and regulatory requirements, as well as for efficient log analysis and reporting.


FortiOS 7.2 Administration Guide: Details on initial setup and configuration steps for FortiSASE.

FortiSASE 23.2 Documentation: Explains the importance of selecting data center locations for various FortiSASE components.

Question No. 4

Refer to the exhibits.

A FortiSASE administrator is trying to configure FortiSASE as a spoke to a FortiGate hub. The tunnel to the FortiGate hub is up. However, the administrator is not able to ping the webserver hosted behind the FortiGate hub.

Based on the output, what is the reason for the ping failures?

Correct Answer: B

The ping failures occur because the quick mode selectors are restricting the subnet. Quick mode selectors define the IP ranges and protocols that are allowed through the VPN tunnel, and if they are not configured correctly, traffic to certain subnets can be blocked.

Quick Mode Selectors:

Quick mode selectors specify the source and destination subnets that are allowed to communicate through the VPN tunnel.

If the selectors do not include the subnet of the webserver (192.168.10.0/24), then the traffic will be restricted, and the ping will fail.

Diagnostic Output:

The diagnostic output shows the VPN configuration details, but it is important to check the quick mode selectors to ensure that the necessary subnets are included.

If the quick mode selectors are too restrictive, they will prevent traffic to and from the specified subnets.

Configuration Check:

Verify the quick mode selectors on both the FortiSASE and FortiGate hub to ensure they match and include the subnet of the webserver.

Adjust the selectors to allow the necessary subnets for successful communication.


FortiOS 7.2 Administration Guide: Provides detailed information on configuring VPN tunnels and quick mode selectors.

FortiSASE 23.2 Documentation: Explains how to set up and manage VPN tunnels, including the configuration of quick mode selectors.

Question No. 5

During FortiSASE provisioning, how many security points of presence (PoPs) need to be configured by the FortiSASE administrator?

Correct Answer: D

During FortiSASE provisioning, the FortiSASE administrator needs to configure at least one security point of presence (PoP). A single PoP is sufficient to get started with FortiSASE, providing the necessary security services and connectivity for users.

Security Point of Presence (PoP):

A PoP is a strategically located data center that provides security services such as secure web gateway, firewall, and VPN termination.

Configuring at least one PoP ensures that users can connect to FortiSASE and benefit from its security features.

Scalability:

While only one PoP is required to start, additional PoPs can be added as needed to enhance redundancy, load balancing, and performance.


FortiOS 7.2 Administration Guide: Provides details on the provisioning process for FortiSASE.

FortiSASE 23.2 Documentation: Explains the configuration and role of security PoPs in the FortiSASE architecture.