Security policies
Two server side WAN optimization security policy configurations are possible: one for active-passive WAN optimization and one for manual WAN optimization.
Active/passive mode on server side
config firewall policy
edit 2 <<< the passive mode policy
set srcintf "wan1"
set dstintf "internal"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
set utm-status enable <<< enable UTM
set av-profile default <<< select an antivirus profile
set profile-protocol-options default
set wanopt enable
set wanopt-detection passive
set wanopt-passive-opt transparent
next
edit 3 <<< policy that accepts wanopt tunnel connections from the server
set srcintf "wanopt" <<< wanopt tunnel interface
set dstintf "internal"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
next
end
Manual mode on server side
configure firewall policy
edit 3 <<< wanopt tunnel policy
set srcintf "wanopt" <<< wanopt tunnel interface
set dstintf "internal"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
set utm-status enable <<< enable UTM
set av-profile default <<< select an antivirus profile
set profile-protocol-options default
next
end