Server-side passive policy
Add a passive policy to the client-side FortiGate unit by selecting Enable WAN Optimization and selecting passive. Then set the Passive Option to transparent. From the CLI the policy could look like the following:
config firewall policy
edit 2
set srcintf "wan1"
set dstintf "internal"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
set utm-status enable
set av-profile default
set profile-protocol-options default
set wanopt enable
set wanopt-detection passive
set wanopt-passive-opt transparent
next