“In this use case, FortiSASE acts as an SWG and distributes a proxy auto-configuration (PAC) file to end users, enabling the FortiSASE SWG service as an explicit web proxy. SWG deployment secures only web traffic protocols, such as HTTP and HTTPS.”
“All other nonweb traffic bypasses FortiSASE and is forwarded directly to the internet.”
Technical Deep Dive:
The correct answer is A .
In agentless SWG-based SIA , FortiSASE is operating as an explicit web proxy using a PAC file . That model captures only web protocols , specifically HTTP and HTTPS . It does not create a full tunnel for the endpoint like agent-based FortiClient deployment does.
So the design implication is simple: nonweb traffic does not traverse FortiSASE in this onboarding model. It goes directly to the internet from the endpoint.
Why the other options are wrong:
C is wrong because FWaaS does not automatically capture nonweb traffic in the agentless SWG model.
D is wrong because SWG does not redirect nonweb traffic to FortiExtender.
This is an important deployment distinction:
Submit