Server-side tunnel policy
The server-side policy allows WAN optimization tunnel connections by including the wanopt tunnel interface as the Incoming Interface. From the CLI the policy could look like the following:
configure firewall policy
edit 3
set srcintf "wanopt"
set dstintf "internal"
set srcaddr "all"
set dstaddr "server-subnet"
set action accept
set schedule "always"
set service "ANY"
next
end