FortiSASE Ordering Guide: A Comprehensive Overview (Updated 02/16/2026)
This guide details Fortinet’s FortiSASE and Zero Trust solutions, covering remote user subscriptions, branch connectivity, and SKU information for ordering purposes.
FortiSASE represents a revolutionary shift in network security, converging networking and security into a single, cloud-delivered service. It’s designed to address the evolving needs of modern, distributed enterprises by providing secure and reliable access to applications and data, regardless of user location.
This integrated platform simplifies IT management, reduces complexity, and enhances security posture. FortiSASE delivers a comprehensive suite of security features, including Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Firewall-as-a-Service (FWaaS), and SD-WAN capabilities.
Furthermore, FortiSASE Sovereign offers a dedicated solution for organizations requiring data residency and control, enabling the delivery of private SASE services. This ordering guide provides essential details for understanding and procuring FortiSASE solutions, ensuring a smooth deployment and optimal performance.
What is FortiSASE Sovereign?
FortiSASE Sovereign is a specialized, turnkey solution meticulously crafted for organizations demanding utmost control over their data and infrastructure. It empowers customers to deliver private SASE services, catering to both internal and external consumption needs, ensuring data sovereignty and compliance with stringent regulations.
This offering is particularly valuable for large enterprises, federal agencies, and service providers operating in highly regulated industries. It provides a dedicated and isolated environment, allowing complete ownership and management of security policies and data.
FortiSASE Sovereign facilitates the creation of a secure and compliant network perimeter, enabling organizations to confidently embrace cloud adoption and digital transformation while maintaining complete control over their sensitive information. It’s a robust solution for those prioritizing data privacy and regulatory adherence.
Target Audience for FortiSASE
FortiSASE is strategically designed to address the evolving security needs of a diverse range of organizations. Its core value proposition resonates strongly with large enterprises grappling with complex, distributed networks and a growing remote workforce.
Federal agencies, subject to rigorous compliance mandates and heightened security threats, will find FortiSASE’s robust features and control capabilities invaluable. Service providers seeking to offer differentiated, secure access service edge (SASE) solutions to their clients also represent a key target audience.
Essentially, any organization prioritizing secure, cloud-delivered networking and security, with a need for centralized management and consistent policy enforcement, will benefit from FortiSASE. This includes businesses undergoing digital transformation and those seeking to enhance their zero-trust security posture.
FortiSASE Components & Licensing
FortiSASE utilizes a user-based licensing model, offering access to all SASE capabilities with a low Minimum Orderable Quantity of 50 users (MoQ).
FortiSASE Compute Region Add-On
The FortiSASE Region Add-On delivers a one-year subscription for the Comprehensive tier of FortiSASE Compute Region, enhancing performance and localized processing. This add-on is crucial for organizations requiring data residency or low-latency access within specific geographic locations. It allows customers to deploy FortiSASE capabilities closer to their users and branch offices, optimizing the user experience and ensuring compliance with regional regulations.
This subscription provides the necessary compute resources to run FortiSASE services within the chosen region, including Secure Web Gateway, Cloud Firewall, and Zero Trust Network Access. It’s designed to scale with your needs, offering flexibility and control over your SASE infrastructure. Consider this add-on when expanding your FortiSASE deployment or when specific regional requirements dictate localized processing.
User-Based Licensing Model
FortiSASE utilizes a straightforward user-based licensing model, granting access to all SASE capabilities with a remarkably low Minimum Orderable Quantity (MoQ) of just 50 users. This simplifies procurement and aligns costs directly with the number of users accessing the SASE services. Unlike complex, feature-gated licensing schemes, FortiSASE provides comprehensive protection – including Secure Web Gateway, Cloud Firewall, and Zero Trust Network Access – to every licensed user.
This model offers scalability and cost-effectiveness, allowing organizations to easily add or remove users as their needs evolve. It eliminates the need to purchase separate licenses for individual security features, streamlining management and reducing administrative overhead. Explore the Fortinet FortiSASE Ordering Guide for detailed information and to leverage AI chat for instant answers regarding licensing options.
Minimum Orderable Quantity (MoQ)
A key advantage of FortiSASE is its industry-leading Minimum Orderable Quantity (MoQ) of only 50 users. This exceptionally low MoQ makes FortiSASE accessible to organizations of all sizes, from small businesses to large enterprises, without requiring substantial upfront investment. Many competing SASE solutions impose significantly higher MoQ requirements, creating barriers to entry for smaller deployments.
The 50-user MoQ simplifies initial deployment and allows organizations to pilot FortiSASE with a manageable user group before scaling across the entire network. This flexible approach minimizes risk and enables a phased rollout, ensuring a smooth transition to a secure access service edge architecture. Detailed information regarding MoQ and licensing can be found within the comprehensive FortiSASE Ordering Guide.
Ordering Information & SKUs
This section provides comprehensive details on FortiSASE product SKUs, including options for Secure Private Access, Secure Edge Management, and bandwidth add-ons.
FortiSASE Product SKU Details
FortiSASE offers a flexible, user-based licensing model, granting access to all SASE capabilities with a remarkably low Minimum Orderable Quantity (MoQ) of just 50 users. This streamlined approach simplifies procurement and deployment. Customers can augment account bandwidth with the FortiSASE account-level bandwidth add-on, SKU FC1-10-FSASE-471-01-DD, available in 25 Mbps increments.
Furthermore, specialized connectors enhance functionality: the SD-WAN Connector for FortiSASE Secure Private Access and the SASE Connector for FortiSASE Secure Edge Management. The FortiSASE Region Add-On (FC1-10-EMS05-766-02-12) delivers a one-year subscription to the Comprehensive tier of FortiSASE Compute Region, providing localized processing and enhanced performance. Detailed ordering information and a complete product guide are readily available for download, ensuring a clear understanding of available options.
SD-WAN Connector for FortiSASE Secure Private Access
The SD-WAN Connector seamlessly integrates FortiSASE with existing SD-WAN deployments, extending secure access to private applications and resources. This connector is crucial for organizations leveraging SD-WAN infrastructure while desiring enhanced security and Zero Trust Network Access (ZTNA) capabilities. It enables a phased migration to a full SASE architecture, protecting sensitive data without disrupting current network investments.
By combining the strengths of FortiSASE and SD-WAN, businesses gain granular control over application access, reducing the attack surface and improving compliance posture. The connector facilitates secure remote access for users, regardless of location, ensuring consistent security policies are enforced. Detailed SKU information and ordering guidance are available within the comprehensive FortiSASE Ordering Guide, simplifying the procurement process.
SASE Connector for FortiSASE Secure Edge Management
The SASE Connector is a vital component for managing and orchestrating FortiSASE’s security features at the network edge. It provides centralized visibility and control over security policies, enabling administrators to efficiently manage access to cloud applications and resources. This connector streamlines operations, reducing complexity and improving the overall security posture.
Specifically designed for FortiSASE Secure Edge Management, it allows for consistent policy enforcement across all locations and users. The ordering guide details the necessary SKUs for procurement, ensuring a smooth deployment process. Leveraging this connector, organizations can benefit from enhanced threat protection, data loss prevention, and secure web gateway functionalities, all managed through a unified platform. It’s a key element in achieving a robust and scalable SASE architecture.
FortiSASE Account-Level Bandwidth Add-On
For organizations requiring increased throughput, the FortiSASE Account-Level Bandwidth Add-On provides a flexible solution to augment existing capacity. This add-on allows customers to supplement their initial bandwidth allocation, ensuring optimal performance for all users and applications. It’s particularly useful for businesses experiencing growth or seasonal spikes in network traffic.
Available via SKU FC1-10-FSASE-471-01-DD, bandwidth is added in increments of 25 Mbps, offering granular control over resource allocation. This pay-as-you-grow model optimizes cost-effectiveness, avoiding unnecessary upfront investment. The ordering guide clearly outlines the process for purchasing and applying these bandwidth additions to existing FortiSASE accounts. This ensures consistent connectivity and a seamless user experience, even during peak demand, bolstering overall network reliability and productivity.
Deployment & Management
FortiSASE offers flexible deployment options, streamlined user authentication, and robust monitoring capabilities for comprehensive control and visibility of your secure access service edge.
FortiSASE Deployment Options
FortiSASE provides versatile deployment models to suit diverse organizational needs. Customers can leverage a fully cloud-delivered approach, benefiting from scalability and reduced on-premises infrastructure. Alternatively, a hybrid deployment allows integration with existing security investments, offering a phased migration path.
For organizations requiring maximum control and data residency, a dedicated FortiSASE Compute Region Add-On delivers a private, single-tenant SASE service. This option is ideal for large enterprises, federal agencies, and service providers delivering private SASE services. Deployment considerations include network topology, user locations, and security requirements. FortiSASE supports both direct internet access and connectivity through SD-WAN fabrics, ensuring optimal performance and user experience.
User Authentication in FortiSASE
FortiSASE prioritizes secure access through robust user authentication mechanisms. It seamlessly integrates with existing identity providers via industry-standard protocols like SAML, OAuth, and OpenID Connect. This allows organizations to leverage their current investments in identity management systems, simplifying administration and enhancing security.
Multi-factor authentication (MFA) is strongly recommended and supported, adding an extra layer of protection against unauthorized access. FortiSASE also supports certificate-based authentication for enhanced security and compliance. Granular access policies can be defined based on user identity, device posture, and application context, ensuring that only authorized users can access sensitive resources.
FortiSASE Monitoring Capabilities
FortiSASE provides comprehensive monitoring capabilities through FortiManager and FortiAnalyzer, offering real-time visibility into network performance, security threats, and user activity. Administrators can leverage detailed dashboards and reports to gain insights into SASE deployment health and identify potential issues proactively.
Centralized logging and analytics enable efficient troubleshooting and forensic investigations. FortiSASE monitors web traffic, SaaS application usage, and security events, providing valuable data for security analysis and compliance reporting. Customizable alerts notify administrators of critical events, allowing for rapid response to security incidents.
Security Features & Compliance
FortiSASE delivers robust web traffic and SaaS application protection, alongside content inspection features like antivirus, web filtering, and application control.
Web Traffic & SaaS Application Protection
FortiSASE provides comprehensive protection for both web traffic and Software-as-a-Service (SaaS) applications, ensuring a secure digital experience for users. This is achieved through a multi-layered security approach that combines advanced threat intelligence with real-time analysis.
The solution effectively safeguards against a wide range of web-based threats, including malware, phishing attacks, and malicious websites. For SaaS applications, FortiSASE offers granular control and visibility, allowing organizations to enforce security policies and prevent data breaches.
Content inspection, a core component of this protection, utilizes techniques like deep packet inspection and sandboxing to identify and block malicious content before it reaches users. This proactive approach minimizes the risk of compromise and ensures the integrity of sensitive data.
Content Inspection Features (Antivirus, Web Filtering, Application Control)
FortiSASE’s robust content inspection capabilities are central to its security posture, employing a suite of features including advanced antivirus, comprehensive web filtering, and granular application control. Antivirus protection utilizes multiple engines to detect and neutralize malware, safeguarding users from malicious software.
Web filtering allows administrators to categorize and control access to websites, blocking access to risky or inappropriate content. Application control provides visibility into application usage and enables policies to restrict or allow specific applications, minimizing bandwidth consumption and security risks.
Logging capabilities provide detailed records of inspected content, aiding in incident response and compliance reporting. These features work in concert to deliver a layered defense against evolving threats, ensuring a secure and productive user experience.
FortiSASE Security Compliance (AICPA Standards)
FortiSASE is engineered to meet stringent security standards, notably demonstrating compliance with the AICPA (American Institute of Certified Public Accountants) standards. This commitment ensures a high level of security, availability, and confidentiality for customer data and operations.
Compliance encompasses a thorough process, including regular audits and assessments to validate security controls. Available reports detail the scope of the assessment, identified controls, and testing procedures. Key principles underpinning this compliance include robust data protection measures, access controls, and incident response protocols.
This adherence to AICPA standards provides customers with assurance that FortiSASE operates with a strong security foundation, mitigating risks and supporting regulatory requirements.
Operational Technology & Ordering System
The Operational Technology Ordering Guide, alongside the ordering management system, requires security considerations to prevent unauthorized access and potential vulnerabilities.
Operational Technology Ordering Guide
The Operational Technology (OT) Ordering Guide provides crucial details for organizations integrating FortiSASE within operational technology environments. This specialized guide focuses on the unique requirements and considerations when deploying SASE solutions to protect critical infrastructure. It outlines specific SKU recommendations tailored for OT deployments, ensuring compatibility and optimal performance within industrial control systems (ICS) and supervisory control and data acquisition (SCADA) networks.
The guide details how to properly configure FortiSASE to address the distinct security challenges of OT, including protocol inspection, anomaly detection, and secure remote access for OT personnel. It also covers best practices for segmentation, micro-segmentation, and integration with existing OT security tools. Furthermore, the guide emphasizes the importance of adhering to industry-specific compliance standards relevant to operational technology environments, ensuring a robust and secure SASE implementation.
Ordering Management System Security Considerations
Security within the Ordering Management System (OMS) is paramount when procuring and managing FortiSASE licenses and subscriptions. A compromised OMS could allow malicious actors to execute arbitrary code, potentially impacting the entire security posture. Robust security measures are essential to protect sensitive ordering data and prevent unauthorized access or modifications.
Key considerations include implementing strong authentication mechanisms, such as multi-factor authentication (MFA), and enforcing strict role-based access control (RBAC) to limit user privileges. Regular security audits and vulnerability assessments are crucial to identify and remediate potential weaknesses within the OMS. Furthermore, secure coding practices and thorough input validation are necessary to prevent injection attacks. Maintaining up-to-date security patches and monitoring system logs for suspicious activity are also vital components of a comprehensive security strategy for the FortiSASE OMS.