Which FortiSASE deployment involves installing FortiClient on remote endpoints?

The deployment that involves installing FortiClient on remote endpoints is Zero Trust Network Access (ZTNA). This approach emphasizes security over traditional perimeter-focused frameworks by ensuring that every device attempting to access the network is authenticated, authorized, and continuously validated.

With ZTNA, FortiClient acts as a critical component, enabling endpoint protection and secure connectivity for users working remotely. It provides capabilities such as secure application access and visibility into endpoint health, which are essential in a Zero Trust environment. This means that regardless of the endpoint's location, whether in-office or remote, users are subjected to the same stringent verification processes.

In contrast, the FortiGuard deployment refers more to the updating and management of security services rather than directly involving endpoint implementations. The Cloud Security deployment focuses on securing data and applications hosted in the cloud but does not necessarily require the installation of FortiClient on endpoint devices. The Site-to-Site VPN deployment primarily establishes secure connections between two locations using predefined tunnel configurations, thus not dependent on client installations on individual endpoints.

Hence, ZTNA stands out as the correct option because it directly relates to the requirement of endpoint software installation to ensure comprehensive security and access policies for remote users.