https://community.fortinet.com/t5/FortiSASE/Technical-Tip-Force-Certificate-Inspection-option-in-FortiSASE/ta-p/302617

If the daily summary report generated by FortiSASE contains very little data, one possible explanation is that the " Log allowed traffic " setting is configured to log only " Security Events " for all policies. This configuration limits the amount of data logged, as it only includes security events and excludes normal allowed traffic.

Log Allowed Traffic Setting:

The " Log allowed traffic " setting determines which types of traffic are logged.

When set to " Security Events, " only traffic that triggers a security event (such as a threat detection or policy violation) is logged.

Impact on Report Data:

If the log setting excludes regular allowed traffic, the amount of data captured and reported is significantly reduced.

This results in reports with minimal data, as only security-related events are included.

FortiSASE hides user information when viewing and analyzing logs by hashing data using salt. This approach ensures that sensitive user information is obfuscated, enhancing privacy and security.

Hashing Data with Salt:

Hashing data involves converting it into a fixed-size string of characters, which is typically a hash value.

Salting adds random data to the input of the hash function, ensuring that even identical inputs produce different hash values.

This method provides enhanced security by making it more difficult to reverse-engineer the original data from the hash value.

Security and Privacy:

Using salted hashes ensures that user information remains secure and private when stored or analyzed in logs.

This technique is widely used in security systems to protect sensitive data from unauthorized access.

To block user attempts to log in to non-company resources while using Microsoft Office 365, theWeb Filter with Inline-CASBfeature in FortiSASE is the most appropriate solution. Inline-CASB (Cloud Access Security Broker) provides real-time visibility and control over cloud application usage. When combined with Web Filtering, it can enforce policies to restrict access to unauthorized or non-company resources within sanctioned applications like Microsoft Office 365. This ensures that users cannot access unapproved cloud resources while still allowing legitimate use of Office 365.

Here’s why the other options are incorrect:

B. SSL deep inspection:While SSL deep inspection is useful for decrypting and inspecting encrypted traffic, it does not specifically address the need to block access to non-company resources within Office 365. It focuses on securing traffic rather than enforcing application-specific policies.

C. Data loss prevention (DLP):DLP is designed to prevent sensitive data from being leaked or exfiltrated. While it is a valuable security feature, it does not directly block access to non-company resources within Office 365.

D. Application Control with Inline-CASB:Application Control focuses on managing access to specific applications rather than enforcing granular policies within an application like Office 365. Web Filter with Inline-CASB is better suited for this use case.

The correct answer is D. zero trust network access (ZTNA) .

Explanation Zero Trust Network Access (ZTNA) is the FortiSASE feature specifically designed to provide secure, least-privileged access to applications. It operates on the core principle of " never trust, always verify. "

Instead of granting broad network access like a traditional VPN, ZTNA grants access to specific applications on a per-session basis, only after verifying the user ' s identity and the security posture of their device. This ensures a user can only access the corporate applications they are explicitly authorized for, and nothing else on the network, perfectly embodying the principle of least-privileged access .

The FortiSASE solution achieves this by creating a secure, encrypted tunnel from the remote user directly to the application protected by the on-premises FortiGate, which acts as a ZTNA access proxy.