Configuring basic active-passive WAN optimization - web‑based manager
Use the following steps to configure the example WAN optimization configuration from the client-side and server-side FortiGate unit web‑based manager.
To configure the client-side FortiGate unit
1. Go to WAN Opt. & Cache > WAN Opt. Peer > Peer and enter a Local Host ID for the client-side FortiGate unit:
2. Select Apply.
3. Select Create New and add a Peer Host ID and the IP Address for the server-side FortiGate unit:
Peer Host ID | Server-Fgt |
IP Address | 192.168.20.1 |
4. Select OK.
5. Go to WAN Opt. & Cache > WAN Opt. Profile > Profile and select Create New to add a WAN optimization profile to optimize CIFS, HTTP, and FTP traffic:
Name | Custom-wan-opt-pro |
Transparent Mode | Select |
6. Select the CIFS protocol, select Byte Caching and set the Port to 445.
7. Select the FTP protocol, select Byte Caching and set the Port to 21.
8. Select the HTTP protocol, select Byte Caching and set the Port to 80.
9. Select OK.
10. Go to Firewall Objects > Address > Address and select Create New to add a firewall address for the client network.
Category | Address |
Address Name | Client-Net |
Type | IP Range |
Subnet / IP Range | 172.20.120.[100-200] |
Interface | port1 |
11. Select Create New to add a firewall address for the web server network.
Category | Address |
Address Name | Web-Server-Net |
Type | IP Range |
Subnet / IP Range | 192.168.10.0/24 |
Interface | port2 |
12. Go to Policy > Policy > Policy and add an active WAN optimization security policy:
Policy Type | Firewall |
Policy Subtype | Address |
Incoming Interface | port1 |
Source Address | Client-Net |
Outgoing Interface | port2 |
Destination Address | Web-Server-Net |
Schedule | always |
Service | HTTP FTP SMB |
Action | ACCEPT |
13. Turn on Antivirus and select the default antivirus profile.
14. Select Enable WAN Optimization and configure the following settings:
Enable WAN Optimization | active |
Profile | Custom-wan-opt-pro |
15. Select OK.
To configure the server-side FortiGate unit
1. Go to WAN Opt. & Cache > WAN Opt. Peer > Peer and enter a Local Host ID for the server-side FortiGate unit:
2. Select Apply.
3. Select Create New and add a Peer Host ID and the IP Address for the client-side FortiGate unit:
Peer Host ID | Client-Fgt |
IP Address | 172.30.120.1 |
4. Select OK.
5. Go to Firewall Objects > Address > Address and select Create New to add a firewall address for the client network.
Category | Address |
Address Name | Client-Net |
Type | IP Range |
Subnet / IP Range | 172.20.120.[100-200] |
Interface | port1 |
6. Select Create New to add a firewall address for the web server network.
Category | Address |
Address Name | Web-Server-Net |
Type | IP Range |
Subnet / IP Range | 192.168.10.0/24 |
Interface | port2 |
7. Go to Policy > Policy > Policy and select Create New to add a WAN optimization tunnel policy.
Policy Type | Firewall |
Policy Subtype | Address |
Incoming Interface | wanopt |
Source Address | all |
Outgoing Interface | port1 |
Destination Address | all |
Schedule | always |
Service | ALL |
Action | ACCEPT |
8. Select OK.
9. Select Create New to add a passive WAN optimization policy that applies application control.
Policy Type | Firewall |
Policy Subtype | Address |
Incoming Interface | port2 |
Source Address | Client-Net |
Outgoing Interface | port1 |
Destination Address | Web-Server-Net |
Schedule | always |
Service | ALL |
Action | ACCEPT |
10. Turn on Application Control and select the default application control sensor.
11. Select Enable WAN Optimization and configure the following settings:
Enable WAN Optimization | passive |
Passive Option | default |
12. Select OK.