An existing Fortinet SD-WAN customer who has recently deployed FortiSASE wants to have a comprehensive view of, and combined reports for, both SD-WAN branches and remote users. How can the customer achieve this?
A.
Forward the logs from FortiSASE to Fortinet SOCaaS.
B.
Forward the logs from FortiGate to FortiSASE.
C.
Forward the logs from FortiSASE to the external FortiAnalyzer.
D.
Forward the logs from the external SD-WAN FortiAnalyzer to FortiSASE.
For customers with hybrid environments (on-premises SD-WAN branches and remote FortiSASE users), theFortiOS 7.6andFortiSASEcurriculum recommends centralized log aggregation for unified visibility.
Centralized Reporting:The standard architectural best practice is toforward logs from FortiSASE to an external FortiAnalyzer (Option C).
Unified View:Since the customer's on-premises FortiGate SD-WAN branches are already sending logs to an existing FortiAnalyzer, adding the FortiSASE log stream to that sameFortiAnalyzerallows for the creation ofcombined reports.
Fabric Integration:This setup leverages theSecurity Fabric, enabling the FortiAnalyzer to provide a single pane of glass for monitoring security events, application usage, and SD-WAN performance metrics across the entire distributed network.
Why other options are incorrect:
Option A:SOCaaSis a managed service for threat monitoring, not a primary tool for an administrator to generate combined SD-WAN/SASE operational reports.
Option B:FortiSASE is not designed to act as a log collector or reporting hub for external on-premises FortiGates.
Option D:Data flows from the source (FortiSASE) to the collector (FortiAnalyzer), not the other way around.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit