Chapter 22 WAN Optimization, Web Cache, Explicit Proxy, and WCCP for FortiOS 5.0 : Configuring WAN optimization : WAN optimization configuration summary : server-side configuration summary : Security policies
  
Security policies
Two server-side WAN optimization security policy configurations are possible. One for active-passive WAN optimization and one for manual WAN optimization.
Active/passive mode on server-side
config firewall policy
edit 2 <<< the passive mode policy
set srcintf "wan1"
set dstintf "internal"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
set utm-status enable <<< enable security profiles
set av-profile default <<< select an antivirus profile
set profile-protocol-options default
set wanopt enable
set wanopt-detection passive
set wanopt-passive-opt transparent
next
edit 3 <<< policy that accepts wanopt tunnel connections from the       server
set srcintf "wanopt" <<< wanopt tunnel interface
set dstintf "internal"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
next
end
Manual mode on server-side
configure firewall policy
edit 3 <<< wanopt tunnel policy
set srcintf "wanopt" <<< wanopt tunnel interface
set dstintf "internal"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
set utm-status enable <<< enable security profiles
set av-profile default <<< select an antivirus profile
set profile-protocol-options default
next
end