WAN optimization and web caching Configuring a WAN optimization rule
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 687
http://docs.fortinet.com/ • Feedback
About WAN optimization addresses
A WAN optimization source or destination address can contain one or more network
addresses. Network addresses can be represented by an IP address with a netmask or an
IP address range.
When representing hosts by an IP address with a netmask, the IP address can represent
one or more hosts. For example, a source or destination address can be:
• a single computer, such as 192.45.46.45
• a subnetwork, such as 192.168.1.0 for a class C subnet
• 0.0.0.0, which matches any IP address.
The netmask corresponds to the subnet class of the address being added, and can be
represented in either dotted decimal or CIDR format. The FortiGate unit automatically
converts CIDR formatted netmasks to dotted decimal format. Example formats:
Transparent
Mode
Servers receiving packets after WAN optimization “see” different source addresses
depending on whether or not you select Transparent Mode. You can select this
option if Auto-Detect is set to Active or Off. You can also select it for Web Cache
Only rules.
Select this option to keep the original source address of the packets when they are
sent to servers. The servers appear to receive traffic directly from clients. The
server network should be configured to route traffic with client source IP addresses
from the server side FortiGate unit to the server and back to the server side
FortiGate unit.
If this option is not selected, the server side FortiGate unit changes the source
address of the packets received by servers to the address of the server side
FortiGate unit interface that sends the packets to the servers. So servers appear to
receive packets from the server side FortiGate unit. Routing on the server network
is usually simpler in this case because client addresses are not involved, but the
server sees all traffic as coming from the server side FortiGate unit and not from
individual clients.
Enable Byte
Caching
Available only if Mode is set to Full Optimization, and Auto-Detect is set to Off or
Active.
Select to apply WAN optimization byte caching to the sessions accepted by this
rule. For more information, see the FortiGate WAN Optimization, Web Cache, and
Web Proxy User Guide.
Enable SSL Available only if Auto-Detect is set to Active or Off.
Select to apply SSL offloading for HTTPS traffic. You can use SSL offloading to
offload SSL encryption and decryption from one or more HTTP servers to the
FortiGate unit. If you enable this option, you must configure the rule to accept
SSL-encrypted traffic, for example, by configuring the rule to accept HTTPS traffic
by setting Port to 443.
If you enable SSL offloading, you must also use the CLI command config
wanopt ssl-server to add an SSL server for each HTTP server that you want
to offload SSL encryption/decryption for. For more information, see the FortiGate
WAN Optimization, Web Cache, and Web Proxy User Guide.
Enable Secure
Tunnel
Available only if Mode is set to Full Optimization, and Auto-Detect is set to Active or
Off.
If you select Enable Secure Tunnel, the WAN optimization tunnel is encrypted
using SSL encryption. You must also add an authentication group to the rule. For
more information, see the FortiGate WAN Optimization, Web Cache, and Web
Proxy User Guide.
Authentication
Group
Available only if Mode is set to Full Optimization
, and Auto-Detect is set to Active or
Off.
Select this option and select an authentication group from the list if you want
groups of FortiGate units to authenticate with each other before starting the WAN
optimization tunnel. You must also select an authentication group if you select
Enable Secure Tunnel.
You must add identical authentication groups to both of the FortiGate units that will
participate in the WAN optimization tunnel started by the rule. For more
information, see “Configuring authentication groups” on page 689.
To Next Page
Loading...
Need help?
General
