Fortinet Gate 60D - Peer to Peer WAN Optimization; Configuring Peer to Peer WAN Optimization

To Next Page

To Previous Page

Peer to peer WAN optimization WAN optimization and web caching

FortiGate Version 4.0 Administration Guide

620 01-400-89802-20090424

http://docs.fortinet.com/ • Feedback

3 Go to WAN Opt. & Cache > Rule and select Create New.

4 Add the passive rule. The source address matches the 172.20.120.100 to

172.20.120.200 IP address range and the 1-65535 port range. You can also enable

web caching for the HTTP traffic.

5 Select OK to save the rule.

The rule is added to the bottom of the rule list.

6 If required, move the rule to a different position in the list.

Peer to peer WAN optimization

Peer-to-peer WAN optimization is very similar to active-passive WAN optimization. The

difference is that the peer-to-peer tunnel can only be set up between the client FortiGate

unit and the server FortiGate unit named in the WAN optimization rule added to the client

FortiGate unit. When the client side FortiGate unit initiates a tunnel with the server side

FortiGate unit the packets that initiate the tunnel include extra information so that this

server side FortiGate unit can determine that it is a peer-to-peer tunnel request. This extra

information is required because the server side FortiGate unit does not require a WAN

optimization rule. All that is required on the server side FortiGate unit is that the client Peer

Host ID and IP address be added to the server side FortiGate unit peer list.

The extra information in the communication session plus the peer list entry allow the

server side FortiGate unit to set up the WAN optimization tunnel with the client side

FortiGate unit using only the settings on the client side WAN optimization rule.

Configuring peer to peer WAN optimization

In a peer to peer WAN optimization configuration you create a peer-to-peer WAN

optimization rule on the client side FortiGate unit with Auto-Detect to Off and include the

peer host ID of the server side FortiGate unit. Using this rule, the client side FortiGate unit

can create a WAN optimization tunnel only with the peer that is added to the rule.

You do not have to add a rule to the server side FortiGate unit. But the server side

FortiGate unit peer list must include the client FortiGate unit. The server side FortiGate

unit uses the WAN optimization settings in the client side rule.

Mode Full Optimization

Source 172.20.120.[100-200]

Destination 192.168.10.0

Port 1-65535

Auto-Detect Passive

Enable Web Cache Enable