Configuring basic peer-to-peer WAN optimization - CLI
Use the following steps to configure the example WAN optimization configuration from the client-side and server-side FortiGate unit CLI.
To configure the client-side FortiGate unit
1. Add the Local Host ID to the client-side FortiGate configuration:
config wanopt settings
set host-id Client-Fgt
end
2. Add the server-side Local Host ID to the client-side peer list:
config wanopt peer
edit Server-Fgt
set ip 192.168.30.12
end
3. Add a firewall address for the client network.
config firewall address
edit Client-Net
set type ipmask
set subnet 172.20.120.0 255.255.255.0
set associated-interface port1
end
4. Add a firewall address for the web server network.
config firewall address
edit Web-Server-Net
set type ipmask
set subnet 192.168.10.0 255.255.255.0
set associated-interface port2
end
5. Edit the default WAN optimization profile, select transparent mode, enable HTTP WAN optimization and enable byte caching for HTTP. Leave the HTTP Port set to 80.
config wanopt profile
edit default
set transparent enable
config http
set status enable
set byte-caching enable
end
end
6. Add a WAN optimization security policy to the client-side FortiGate unit to accept the traffic to be optimized:
config firewall policy
edit 0
set srcintf port1
set dstintf port2
set srcaddr all
set dstaddr all
set action accept
set service ALL
set schedule always
set wanopt enable
set wanopt-profile default
set wanopt-detection off
set wanopt-peer Server-Fgt
end
To configure the server-side FortiGate unit
1. Add the Local Host ID to the server-side FortiGate configuration:
config wanopt settings
set host-id Server-Fgt
end
2. Add the client-side Local Host ID to the server-side peer list:
config wanopt peer
edit Client-Fgt
set ip 192.168.30.12
end
3. Add a WAN optimization tunnel explicit proxy policy.
configure firewall explicit-proxy-policy
edit 0
set proxy wanopt
set dstintf port1
set srcaddr all
set dstaddr all
set action accept
set schedule always
set service ALL
next
end