Configuring basic peer-to-peer WAN optimization - web‑based manager
Use the following steps to configure the example configuration from the web‑based manager.
To configure the client-side FortiGate unit
1. Go to WAN Opt. & Cache > WAN Opt. Peers > Peers and enter a Local Host ID for the client-side FortiGate unit:
2. Select Apply.
3. Select Create New and add the server-side FortiGate unit Peer Host ID and IP Address for the server-side FortiGate:
Peer Host ID | Server-Fgt |
IP Address | 192.168.30.12 |
4. Select OK.
5. Go to Policy & Objects > Objects > Addresses and select Create New to add a firewall address for the client network.
Category | Address |
Name | Client-Net |
Type | Subnet |
Subnet / IP Range | 172.20.120.0/24 |
Interface | port1 |
6. Select Create New to add a firewall address for the web server network.
Category | Address |
Address Name | Web-Server-Net |
Type | Subnet |
Subnet / IP Range | 192.168.10.0/24 |
Interface | port2 |
7. Go to WAN Opt. & Cache > WAN Opt. Profiles > Profiles and edit the default profile.
8. Select Transparent Mode.
9. Under Protocol, select HTTP and for HTTP select Byte Caching. Leave the HTTP Port set to 80.
10. Select Apply to save your changes.
11. Go to Policy& Objects > Policy > IPv4 and add a WAN optimization security policy to the client-side FortiGate unit that accepts traffic to be optimized:
Incoming Interface | port1 |
Source Address | all |
Outgoing Interface | port2 |
Destination Address | all |
Schedule | always |
Service | ALL |
Action | ACCEPT |
12. Select Enable WAN Optimization and configure the following settings:
Enable WAN Optimization | active |
Profile | default |
13. Select OK.
14. Edit the policy from the CLI to turn off wanopt-detection, add the peer ID of the server-side FortiGate unit, and the default WAN optimization profile. The following example assumes the ID of the policy is 5:
config firewall policy
edit 5
set wanopt-detection off
set wanopt-peer Server-Fgt
set wanopt-profile default
end
When you set the detection mode to off the policy becomes a manual mode WAN optimization policy. On the web‑based manager the WAN optimization part of the policy changes to the following:
Enable WAN Optimization | Manual (Profile: default, Peer: Peer-Fgt-2) |
To configure the server-side FortiGate unit
1. Go to WAN Opt. & Cache > WAN Opt. Peers > Peers and enter a Local Host ID for the server-side FortiGate unit:
2. Select Apply.
3. Select Create New and add a Peer Host ID and the IP Address for the client-side FortiGate unit:
Peer Host ID | Client-Fgt |
IP Address | 172.20.34.12 |
4. Select OK.
5. Enter the following CLI command to add an explicit proxy policy to accept WAN optimization tunnel connections.
configure firewall explicit-proxy-policy
edit 0
set proxy wanopt
set dstintf port1
set srcaddr all
set dstaddr all
set action accept
set schedule always
set service ALL
next
end