FCSS_SASE_AD-24 FCSS - FortiSASE 24 Administrator Questions and Answers

To meet the requirement of inspecting all endpoint internet traffic on FortiSASE while excluding Google Maps traffic from the FortiSASE VPN tunnel and redirecting it to the endpoint ' s physical interface, you should configure split tunneling. Split tunneling allows specific traffic to bypass the VPN tunnel and be routed directly through the endpoint ' s local interface.

Split Tunneling Configuration:

Split tunneling enables selective traffic to be routed outside the VPN tunnel.

By configuring the Google Maps Fully Qualified Domain Name (FQDN) as a split tunneling destination, you ensure that traffic to Google Maps bypasses the VPN tunnel and uses the endpoint ' s local interface instead.

Implementation Steps:

Access the FortiSASE endpoint profile configuration.

Add the Google Maps FQDN to the split tunneling destinations list.

This configuration directs traffic intended for Google Maps to bypass the VPN tunnel and be routed directly through the endpoint ' s physical network interface.

In the user connection monitor, the random characters shown for the username indicate that log anonymization is enabled. Log anonymization is a feature that hides the actual user information in the logs for privacy and security reasons. To display proper user information, you need to disable log anonymization.

Log Anonymization:

When log anonymization is turned on, the actual usernames are replaced with random characters to protect user privacy.

This feature can be beneficial in certain environments but can cause issues when detailed user monitoring is required.

Disabling Log Anonymization:

Navigate to the FortiSASE settings.

Locate the log settings section.

Disable the log anonymization feature to ensure that actual usernames are displayed in the logs and user connection monitors.

FortiSASE hides user information when viewing and analyzing logs by hashing data using salt. This approach ensures that sensitive user information is obfuscated, enhancing privacy and security.

Hashing Data with Salt:

Hashing data involves converting it into a fixed-size string of characters, which is typically a hash value.

Salting adds random data to the input of the hash function, ensuring that even identical inputs produce different hash values.

This method provides enhanced security by making it more difficult to reverse-engineer the original data from the hash value.

Security and Privacy:

Using salted hashes ensures that user information remains secure and private when stored or analyzed in logs.

This technique is widely used in security systems to protect sensitive data from unauthorized access.

The issue of an almost empty daily summary report in FortiSASE can often be traced back to how logging is configured within the system. Specifically, if " Log Allowed Traffic " is set to " Security Events " for all policies, it means that only security-related events (such as threats or anomalies) are being logged, while normal, allowed traffic is not being recorded. Since most traffic in a typical network environment is allowed, this configuration would result in very little data being captured and subsequently reported in the daily summary.

Here’s a breakdown of why the other options are less likely to be the cause:

B. There are no security profile groups applied to all policies:While applying security profiles is important for comprehensive protection, their absence does not directly affect the volume of data in reports unless specific logging settings are also misconfigured.

C. The web filter security profile is not set to Monitor:This option pertains specifically to web filtering activities. Even if web filtering is not set to monitor mode, other types of traffic and logs should still populate the report.

D. Digital experience monitoring is not configured:Digital Experience Monitoring (DEM) focuses on user experience metrics rather than general traffic logging. Its absence would not lead to an almost empty report.

To resolve this issue, administrators should review the logging settings across all policies and ensure that " Log Allowed Traffic " is appropriately configured to capture the necessary data for reporting purposes.

To block user attempts to log in to non-company resources while using Microsoft Office 365, theWeb Filter with Inline-CASBfeature in FortiSASE is the most appropriate solution. Inline-CASB (Cloud Access Security Broker) provides real-time visibility and control over cloud application usage. When combined with Web Filtering, it can enforce policies to restrict access to unauthorized or non-company resources within sanctioned applications like Microsoft Office 365. This ensures that users cannot access unapproved cloud resources while still allowing legitimate use of Office 365.

Here’s why the other options are incorrect:

B. SSL deep inspection:While SSL deep inspection is useful for decrypting and inspecting encrypted traffic, it does not specifically address the need to block access to non-company resources within Office 365. It focuses on securing traffic rather than enforcing application-specific policies.

C. Data loss prevention (DLP):DLP is designed to prevent sensitive data from being leaked or exfiltrated. While it is a valuable security feature, it does not directly block access to non-company resources within Office 365.

D. Application Control with Inline-CASB:Application Control focuses on managing access to specific applications rather than enforcing granular policies within an application like Office 365. Web Filter with Inline-CASB is better suited for this use case.

FortiSASE brings the following advantages to businesses with multiple branch offices:

Centralized Management for Simplified Administration:

FortiSASE provides a centralized management platform that allows administrators to manage security policies, configurations, and monitoring from a single interface.

This simplifies the administration and reduces the complexity of managing multiple branch offices.

Eliminates the Need for On-Premises Firewalls:

FortiSASE enables secure access to the internet and cloud applications without requiring dedicated on-premises firewalls at each branch office.

This reduces hardware costs and simplifies network architecture, as security functions are handled by the cloud-based FortiSASE solution.

https://community.fortinet.com/t5/FortiSASE/Technical-Tip-Force-Certificate-Inspection-option-in-FortiSASE/ta-p/302617