Configuring basic peer-to-peer WAN optimization - web‑based manager
Use the following steps to configure the example configuration from the web‑based manager.
To configure the client-side FortiGate unit
1. Go to WAN Opt. & Cache > WAN Opt. Peer > Peer and enter a Local Host ID for the client-side FortiGate unit:
2. Select Apply.
3. Select Create New and add the server-side FortiGate unit Peer Host ID and IP Address for the server-side FortiGate:
Peer Host ID | Server-Fgt |
IP Address | 192.168.30.12 |
4. Select OK.
5. Go to Firewall Objects > Address > Address and select Create New to add a firewall address for the client network.
Category | Address |
Name | Client-Net |
Type | Subnet |
Subnet / IP Range | 172.20.120.0/24 |
Interface | port1 |
6. Select Create New to add a firewall address for the web server network.
Category | Address |
Address Name | Web-Server-Net |
Type | Subnet |
Subnet / IP Range | 192.168.10.0/24 |
Interface | port2 |
7. Go to WAN Opt. & Cache > WAN Opt. Profile > Profile and edit the default profile.
8. Select Transparent Mode.
9. Under Protocol, select HTTP and for HTTP select Byte Caching. Leave the HTTP Port set to 80.
10. Select Apply to save your changes.
11. Go to Policy > Policy > Policy and add a WAN optimization security policy to the client-side FortiGate unit that accepts traffic to be optimized:
Policy Type | Firewall |
Policy Subtype | Address |
Incoming Interface | port1 |
Source Address | all |
Outgoing Interface | port2 |
Destination Address | all |
Schedule | always |
Service | ALL |
Action | ACCEPT |
12. Under Security Profiles turn on Antivirus and select the default antivirus profile.
13. Turn on Application Control and select the default application control sensor.
14. Select Enable WAN Optimization and configure the following settings:
Enable WAN Optimization | active |
Profile | default |
15. Select OK.
16. Edit the policy from the CLI to turn off wanopt-detection, add the peer ID of the server-side FortiGate unit, and the default WAN optimization profile. The following example assumes the ID of the policy is 5:
config firewall policy
edit 5
set wanopt-detection off
set wanopt-peer Server-Fgt
set wanopt-profile default
end
When you set the detection mode to off the policy becomes a manual mode WAN optimization policy. On the web‑based manager the WAN optimization part of the policy changes to the following:
Enable WAN Optimization | Manual (Profile: default, Peer: Peer-Fgt-2) |
To configure the server-side FortiGate unit
1. Go to WAN Opt. & Cache > WAN Opt. Peer > Peer and enter a Local Host ID for the server-side FortiGate unit:
2. Select Apply.
3. Select Create New and add a Peer Host ID and the IP Address for the client-side FortiGate unit:
Peer Host ID | Client-Fgt |
IP Address | 172.20.34.12 |
4. Select OK.
5. Go to Policy > Policy > Policy and select Create New to add a security policy to accept WAN optimization tunnel connections.
Policy Type | Firewall |
Policy Subtype | Address |
Incoming Interface | wanopt |
Source Address | all |
Outgoing Interface | port1 |
Destination Address | all |
Schedule | always |
Service | ALL |
Action | ACCEPT |