WAN optimization and web caching Configuring a WAN optimization rule
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424 609
http://docs.fortinet.com/
Auto-Detect
Specify whether the rule is an Active (client) rule, a Passive (server) rule or if auto-detect is Off. If auto-detect is off the rule is a peer to peer rule.
• For an Active (client) rule you must select all of the WAN optimization features to be applied by the rule. You can select the protocol to optimize, transparent mode, byte-caching, SSL offloading, secure tunneling, and an authentication group.
• A Passive (server) rule uses the settings in the active rule on the client FortiGate unit to apply WAN optimization settings. You can also select web caching for a passive rule.
• If Auto-Detect is Off, the rule must include all required WAN optimization features and you must select a Peer for the rule. Select this option to configure peer to peer WAN optimization where this rule can start a WAN optimization tunnel with this peer only.
Auto-Detect is not available if you set Mode to Web Cache Only.

Protocol
Select CIFS, FTP, HTTP, or MAPI to apply protocol optimization for one of these protocols. For information about protocol optimization, see “Protocol optimization” on page 623.
Select TCP if the WAN optimization tunnel accepts sessions that use more than one protocol or that do not use the CIFS, FTP, HTTP, or MAPI protocol.
You can select a protocol if Auto-Detect is set to Off or Active.

Peer
Select the peer host ID of the peer that this peer to peer WAN optimization rule will start a WAN optimization tunnel with. You can also select Create New to add a new peer.
You can select a peer if Auto-Detect is set to Off.

Transparent Mode
Servers receiving packets after WAN optimization see different source addresses depending on whether you select transparent mode or not. You can select Transparent mode if Auto-Detect is set to Active or Off. You can also select transparent mode for web cache only rules.
Select transparent mode to keep the original source address of the packets when they are sent to servers. The servers appear to receive traffic directly from clients. Routing on the server network should be able to route traffic with client source IP addresses from the FortiGate unit to the server and back to the FortiGate unit.
If transparent mode is not selected, the source address of the packets received by servers is changed to the address of the FortiGate unit interface that sends the packets to the servers. So servers appear to receive packets from the FortiGate unit. Routing on the server network is usually simpler in this case because client addresses are not involved, but the server sees all traffic as coming from the FortiGate unit and not from individual clients.
Some protocols, for example CIFS, may not function as expected if transparent mode is not selected. In most cases you should select transparent mode and make sure routing on the server network is configured as required to support transparent mode.

Enable Byte Caching
Select to apply WAN optimization byte caching to the sessions accepted by this rule. For more information, see “Byte caching” on page 624.

Enable SSL
Select to apply SSL offloading for HTTPS traffic. You can use SSL offloading to offload SSL encryption and decryption from one or more HTTP servers to the FortiGate unit. If you enable SSL offloading you should configure the rule to accept SSL-encrypted traffic, for example, by configuring the rule to accept HTTPS traffic by setting Port to 443.
If you enable SSL offloading, from the FortiGate CLI you must also use the config wanopt ssl-server command to add an SSL server for each HTTP server that you want to offload SSL encryption/decryption for. For more information, see “SSL offloading for WAN optimization and web caching” on page 624.
You can select SSL offloading if Auto-Detect is set to Active or Off. You can also select SSL offloading for web cache only rules.
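
The option dependencies described in this section can be checked mechanically when reviewing exported rule definitions. The following is an added example, not code from this guide or from Fortinet. The dictionary keys (mode, auto_detect, peer, protocol, transparent, ssl, port, http_servers) are hypothetical names chosen for illustration and are not FortiOS CLI keywords, and the sample rules are constructed.

```python
# Added example. Dictionary keys are hypothetical names, not FortiOS CLI keywords.

def check_rule(rule, ssl_servers=()):
    """Return findings for one rule, using only the constraints in this section."""
    out = []
    web_only = rule.get("mode") == "webcache-only"
    auto = rule.get("auto_detect")  # "active", "passive", "off", or None

    if web_only and auto is not None:
        out.append("ERROR: Auto-Detect is not available in Web Cache Only mode")
    if not web_only:
        if auto == "off" and not rule.get("peer"):
            out.append("ERROR: Auto-Detect Off requires a Peer")
        if auto != "off" and rule.get("peer"):
            out.append("ERROR: Peer is selectable only when Auto-Detect is Off")
        if auto not in ("active", "off") and rule.get("protocol"):
            out.append("ERROR: Protocol needs Auto-Detect set to Off or Active")

    # Transparent mode and SSL offloading: Active, Off, or web-cache-only rules.
    selectable = web_only or auto in ("active", "off")
    for key, label in (("transparent", "Transparent Mode"), ("ssl", "SSL offloading")):
        if rule.get(key) and not selectable:
            out.append(f"ERROR: {label} needs an Active, Off, or web-cache-only rule")

    if selectable and rule.get("protocol") == "cifs" and not rule.get("transparent"):
        out.append("WARN: CIFS may not function as expected without transparent mode")

    if selectable and rule.get("ssl"):
        if rule.get("port") != 443:
            out.append("WARN: port is not 443; confirm the rule accepts SSL traffic")
        # Each offloaded HTTP server needs its own 'config wanopt ssl-server' entry.
        for server in sorted(set(rule.get("http_servers", ())) - set(ssl_servers)):
            out.append(f"ERROR: no ssl-server entry for {server}")
    return out


# Constructed sample rules (addresses from the 192.0.2.0/24 documentation range).
GOOD = {"auto_detect": "active", "protocol": "http", "transparent": True,
        "ssl": True, "port": 443, "http_servers": ["192.0.2.10"]}
BAD = {"auto_detect": "off", "protocol": "http", "ssl": True, "port": 80,
       "http_servers": ["192.0.2.10", "192.0.2.11"]}

if __name__ == "__main__":
    for name, rule in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_rule(rule, ssl_servers=["192.0.2.10"]))
```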