What is the recommended way to provide temporary internet access to a contractor using FortiSASE?

Using Zero Trust Network Access (ZTNA) and tagging the client as an unmanaged endpoint is the recommended approach for providing temporary internet access to a contractor through FortiSASE. ZTNA is designed to ensure that users have secure, context-aware access to applications and resources, while strictly enforcing security policies.

In this scenario, tagging the contractor's device as an unmanaged endpoint allows the organization to maintain control over what resources the contractor can access. This is particularly important for mitigating potential security risks associated with providing access to external users who may not be using devices that align with the organization’s security standards.

Additionally, ZTNA allows for the enforcement of stringent access controls, ensuring that the contractor only has access to the applications they need and nothing more. This dynamic and granular access control mechanism enhances security while still providing the necessary flexibility and access for contractors.

While using a guest network with limited access can provide temporary access, it does not offer the same level of security consultation and enforcement that ZTNA provides. The dedicated VPN option is typically more suited for long-term stakeholders or full-time employees, rather than temporary contractors. Assigning a secure token might improve access security, but without the comprehensive context and controls provided by ZTNA, it does not suffice