Heavy Networking HN802: Unifying Networking and Security with Fortinet SASE: Architecture, Reality, and Lessons Learned (Sponsored)
Oct 24, 2025
Ramnath Shanai, Fortinet SASE product director who helps customers deploy CASB, POPs, and agent/agentless options. Nirav Shah, SVP of product architecture driving unified SASE and convergence of networking and security. They discuss Fortinet’s homegrown unified SASE stack, on‑prem vs cloud enforcement parity, POP footprint and isolation, granular SaaS and GenAI data protections, ZTNA and agentless approaches, and simplified licensing.
AI Snips
Chapters
Transcript
Episode notes
Apply Selective SSL Inspection Policies
- Configure selective SSL/TLS inspection: Fortinet allows disabling decryption for specific hosts or domains to preserve privacy, performance, or compliance.
- Use targeted policies rather than all‑or‑nothing decryption to avoid latency and legal issues.
Granular SaaS Controls Extend To GenAI Use
- Fortinet supports granular SaaS controls including inline CASB and out‑of‑band checks plus DLP for uploads and files, and can apply those controls to GenAI use like ChatGPT.
- You can block code or file uploads or inspect uploaded files for sensitive data.
Implement ZTNA Locally To Avoid Cloud Hairpinning
- Run ZTNA where applications live: implement ZTNA both in cloud and on‑prem FortiGate so local office traffic can get zero‑trust checks without hairpinning to cloud.
- This reduces latency and cost while keeping continuous device posture checks.