FortiSASE
FortiSASE is a secure access service edge platform that provides network security, secure web gateway, zero trust access, and traffic inspection for distributed users and devices.
Use Cases the Adapter Solves
- Monitor VPN User Activity: Track active VPN sessions and user connectivity patterns to ensure secure remote access and identify unauthorized usage.
- Identify Remote User Locations: Gain visibility into the geographic regions where users are connecting from to support compliance requirements and security policies.
Asset Types Fetched
- Devices
, Users, Software,
SaaS Applications
Data Retrieved through the Adapter
Devices
- Device hostname, serial number, model, vendor, and hardware specifications
- Operating system, FortiClient version, and deployment state
- Security feature status (AV, EDR, firewall, VPN, sandbox, ZTNA, etc.)
- Assigned security policies, profiles, tags, and ZTNA rules
• Health metrics, compliance status, and security event counts
Software (requires the Fetch Software advanced setting)
- Application name, vendor, version
- Installation date
Users
- Username, session ID, VPN connection details
SaaS Applications
- SaaS applications discovered by Axonius from software installed on FortiSASE managed endpoints (requires the Fetch Software advanced setting)
Before You Begin
Required Ports
- TCP port 443 (HTTPS)
Authentication Methods
Username and Password Authentication
APIs
Axonius uses the FortiSASE API. The following endpoints are called:
POST https://customerapiauth.fortinet.com/api/v1/oauth/token/GET {domain}/monitor-api/v1/user/vpn/sessions
For complete API documentation, see the FortiSASE REST API reference on the Fortinet Developer Network.
Required Permissions
The following permissions are required:
- The API User must be assigned a profile where FortiSASE is explicitly set to
Read/WriteorRead Only - The API User must be authorized for the specific Account ID or OU where the SASE instance resides.
Supported From Version
Supported from Axonius version 8.0.23
Connecting the Adapter in Axonius
Navigate to the Adapters page, search for FortiSASE, and click on the adapter tile.
Click Add Connection.
To connect the adapter in Axonius, provide the following parameters:
Required Parameters
- Host Name or IP Address - Base domain for the API. Must include the
http://orhttps://prefix. Do not add any specific endpoints after the domain. Example:https://your-instance.fortisase.com/ - User Name - The username for authenticating to FortiSASE. Example:
[email protected] - Password - The password associated with the user account.
Optional Parameters
- Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
- HTTPS Proxy - Connect the adapter to a proxy instead of directly connecting it to the domain.
- HTTPS Proxy User Name - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
- HTTPS Proxy Password - The password to use when connecting to the server using the HTTPS Proxy.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Advanced Settings
Note
Advanced settings can either apply to all connections for this adapter, or to a specific connection. Refer to Advanced Configuration for Adapters.
- Fetch Software (default: enabled) - Enable this to enrich Devices with full software inventory data.
Note
To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.
