WAN optimization and web caching SSL offloading for WAN optimization and web caching
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424 629
http://docs.fortinet.com/ • Feedback
2 Go to Firewall > Policy and select Create New to add a port2 to port1 firewall policy
that accepts HTTP and HTTPS traffic from the Internet.
Do not select a protection profile. Set the destination address to the virtual IP. You do
not have to enable NAT.
3 Go to WAN Opt. & Cache > Rule and select Create New to add a web cache only WAN
optimization rule that accepts the HTTP traffic accepted by the firewall policy.
Set destination to the IP address that is translated by the virtual IP (192.168.10.1) and
not to the server IP (172.10.20.30). Enable transparent mode.
4 Select OK to save the rule.
The rule is added to the bottom of the WAN optimization list.
5 If required, move the rule to a different position in the list.
See “Moving a rule to a different position in the rule list” on page 607.
To configure the FortiGate unit for SSL offloading of HTTPS traffic
The firewall policy added in the first procedure accepts HTTPS traffic so you don’t have to
add another one.
1 Go to WAN Opt. & Cache > Rule and select Create New to add a web cache only WAN
optimization rule that accepts the HTTPS traffic accepted by the firewall policy.
Set destination to the IP address that is translated by the virtual IP (192.168.10.1) and
not to the server IP (172.10.20.30). Enable transparent mode and SSL offloading.
2 Select OK to save the rule.
The rule is added to the bottom of the WAN optimization list.
Source Interface/Zone port2
Source Address all
Destination Interface/Zone port1
Destination Address Reverse_proxy_VIP
Service HTTP and HTTPS
Action ACCEPT
Mode Web Cache Only
Source 0.0.0.0
Destination 192.168.10.1
Port 80
Transparent Mode Enable
Enable SSL Disable
Mode Web Cache Only
Source 0.0.0.0
Destination 192.168.10.1
Port 443
Transparent Mode Enable
Enable SSL Enable
To Next Page
Loading...