According to the NSE7 SASE Enterprise Guide (Pages 46 & 61), deploying Secure Private Access (SPA) with SD-WAN provides advanced security and networking capabilities by routing traffic through global Points of Presence (PoPs).

Inline Security Inspection (D): A major advantage of this approach is that traffic is routed through FortiSASE PoPs before it reaches private applications. This enables inline security inspection, providing robust protection against threats by applying the full SASE security stack—including antivirus, intrusion prevention, and deep packet inspection—to private access traffic.

Support for TCP and UDP (B): Organizations with existing FortiGate SD-WAN deployments benefit from broader and seamless access to privately hosted applications. The SD-WAN SPA use case explicitly supports both TCP- and UDP-based applications, ensuring that legacy or specialized services that rely on UDP function correctly over the secure tunnel.

SD-WAN Optimization: This method leverages the benefits of SD-WAN to optimize traffic flow between the SASE PoP and the corporate SD-WAN hub or data center FortiGate. It is particularly useful for mission-critical applications that require an extra layer of security combined with path optimization.

Architecture: In this configuration, the FortiSASE Security PoPs act as spokes in the organization’s SD-WAN network, relying on IPsec VPN overlays and BGP for secure dynamic routing.

While ZTNA posture checks are a feature of the broader ecosystem, the NSE7 Guide specifically highlights inline inspection and application support (TCP/UDP) as primary advantages of the SD-WAN integrated SPA approach.