Fortinet black logo

Handbook

configuration summary

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:853440
Download PDF

configuration summary

This section includes a client-side and a server-side WAN Optimization configuration summary.:

Client-side configuration summary

WAN optimization profile

Enter the following command to view WAN optimization profile CLI options:

tree wanopt profile

-- [profile] --*name (36)

|- transparent

|- comments

|- auth-group (36)

|- <http> -- status

|- secure-tunnel

|- byte-caching

|- prefer-chunking

|- tunnel-sharing

|- log-traffic

|- port (1,65535)

|- ssl

|- ssl-port (1,65535)

|- unknown-http-version

+- tunnel-non-http

|- <cifs> -- status

|- secure-tunnel

|- byte-caching

|- prefer-chunking

|- tunnel-sharing

|- log-traffic

+- port (1,65535)

|- <mapi> -- status

|- secure-tunnel

|- byte-caching

|- tunnel-sharing

|- log-traffic

+- port (1,65535)

|- <ftp> -- status

|- secure-tunnel

|- byte-caching

|- prefer-chunking

|- tunnel-sharing

|- log-traffic

+- port (1,65535)

+- <tcp> -- status

|- secure-tunnel

|- byte-caching

|- byte-caching-opt

|- tunnel-sharing

|- log-traffic

|- port

|- ssl

+- ssl-port (1,65535)

Local host ID and peer settings

config wanopt settings

set host-id client

end

config wanopt peer

edit server

set ip 10.10.2.82

end

Security policies

Two client-side WAN optimization security policy configurations are possible. One for active-passive WAN optimization and one for manual WAN optimization.

Active/passive mode on the client-side

config firewall policy

edit 2

set srcintf internal

set dstintf wan1

set srcaddr all

set dstaddr all

set action accept

set schedule always

set service ALL

set wanopt enable <<< enable WAN optimization

set wanopt-detection active <<< set the mode to active/passive

set wanopt-profile "default" <<< select the wanopt profile

end

Manual mode on the client-side

config firewall policy

edit 2

set srcintf internal

set dstintf wan1

set srcaddr all

set dstaddr all

set action accept

set schedule always

set service ALL

set wanopt enable <<< enable WAN optimization

set wanopt-detection off <<< sets the mode to manual

set wanopt-profile "default" <<< select the wanopt profile

set wanopt-peer "server" <<< set the only peer to do wanopt with (required for manual mode)

end

server-side configuration summary

Local host ID and peer settings

config wanopt settings

set host-id server

end

config wanopt peer

edit client

set ip 10.10.2.81

end

Security policies

Two server-side WAN optimization security policy configurations are possible. One for active-passive WAN optimization and one for manual WAN optimization.

Active/passive mode on server-side

config firewall policy

edit 2 <<< the passive mode policy

set srcintf wan1

set dstintf internal

set srcaddr all

set dstaddr all

set action accept

set schedule always

set service ALL

set wanopt enable

set wanopt-detection passive

set wanopt-passive-opt transparent

end

config firewall proxy-policy

edit 3 <<< policy that accepts wanopt tunnel connections from the server

set proxy wanopt <<< wanopt proxy type

set dstintf internal

set srcaddr all

set dstaddr server-subnet

set action accept

set schedule always

set service ALL

end

Manual mode on server-side

config firewall proxy-policy

edit 3 <<< policy that accepts wanopt tunnel connections from the client

set proxy wanopt <<< wanopt proxy type

set dstintf internal

set srcaddr all

set dstaddr server-subnet

set action accept

set schedule always

set service ALL

end

configuration summary

This section includes a client-side and a server-side WAN Optimization configuration summary.:

Client-side configuration summary

WAN optimization profile

Enter the following command to view WAN optimization profile CLI options:

tree wanopt profile

-- [profile] --*name (36)

|- transparent

|- comments

|- auth-group (36)

|- <http> -- status

|- secure-tunnel

|- byte-caching

|- prefer-chunking

|- tunnel-sharing

|- log-traffic

|- port (1,65535)

|- ssl

|- ssl-port (1,65535)

|- unknown-http-version

+- tunnel-non-http

|- <cifs> -- status

|- secure-tunnel

|- byte-caching

|- prefer-chunking

|- tunnel-sharing

|- log-traffic

+- port (1,65535)

|- <mapi> -- status

|- secure-tunnel

|- byte-caching

|- tunnel-sharing

|- log-traffic

+- port (1,65535)

|- <ftp> -- status

|- secure-tunnel

|- byte-caching

|- prefer-chunking

|- tunnel-sharing

|- log-traffic

+- port (1,65535)

+- <tcp> -- status

|- secure-tunnel

|- byte-caching

|- byte-caching-opt

|- tunnel-sharing

|- log-traffic

|- port

|- ssl

+- ssl-port (1,65535)

Local host ID and peer settings

config wanopt settings

set host-id client

end

config wanopt peer

edit server

set ip 10.10.2.82

end

Security policies

Two client-side WAN optimization security policy configurations are possible. One for active-passive WAN optimization and one for manual WAN optimization.

Active/passive mode on the client-side

config firewall policy

edit 2

set srcintf internal

set dstintf wan1

set srcaddr all

set dstaddr all

set action accept

set schedule always

set service ALL

set wanopt enable <<< enable WAN optimization

set wanopt-detection active <<< set the mode to active/passive

set wanopt-profile "default" <<< select the wanopt profile

end

Manual mode on the client-side

config firewall policy

edit 2

set srcintf internal

set dstintf wan1

set srcaddr all

set dstaddr all

set action accept

set schedule always

set service ALL

set wanopt enable <<< enable WAN optimization

set wanopt-detection off <<< sets the mode to manual

set wanopt-profile "default" <<< select the wanopt profile

set wanopt-peer "server" <<< set the only peer to do wanopt with (required for manual mode)

end

server-side configuration summary

Local host ID and peer settings

config wanopt settings

set host-id server

end

config wanopt peer

edit client

set ip 10.10.2.81

end

Security policies

Two server-side WAN optimization security policy configurations are possible. One for active-passive WAN optimization and one for manual WAN optimization.

Active/passive mode on server-side

config firewall policy

edit 2 <<< the passive mode policy

set srcintf wan1

set dstintf internal

set srcaddr all

set dstaddr all

set action accept

set schedule always

set service ALL

set wanopt enable

set wanopt-detection passive

set wanopt-passive-opt transparent

end

config firewall proxy-policy

edit 3 <<< policy that accepts wanopt tunnel connections from the server

set proxy wanopt <<< wanopt proxy type

set dstintf internal

set srcaddr all

set dstaddr server-subnet

set action accept

set schedule always

set service ALL

end

Manual mode on server-side

config firewall proxy-policy

edit 3 <<< policy that accepts wanopt tunnel connections from the client

set proxy wanopt <<< wanopt proxy type

set dstintf internal

set srcaddr all

set dstaddr server-subnet

set action accept

set schedule always

set service ALL

end