Configuring basic active-passive WAN optimization - web‑based manager
Use the following steps to configure the example WAN optimization configuration from the client-side and server-side FortiGate unit web‑based manager.
To configure the client-side FortiGate unit
1. Go to WAN Opt. & Cache > WAN Opt. Peers > Peers and enter a Local Host ID for the client-side FortiGate unit:
2. Select Apply.
3. Select Create New and add a Peer Host ID and the IP Address for the server-side FortiGate unit:
Peer Host ID | Server-Fgt |
IP Address | 192.168.20.1 |
4. Select OK.
5. Go to WAN Opt. & Cache > WAN Opt. Profiles > Profiles and select Create New to add a WAN optimization profile to optimize CIFS, HTTP, and FTP traffic:
Name | Custom-wan-opt-pro |
Transparent Mode | Select |
6. Select the CIFS protocol, select Byte Caching and set the Port to 445.
7. Select the FTP protocol, select Byte Caching and set the Port to 21.
8. Select the HTTP protocol, select Byte Caching and set the Port to 80.
9. Select OK.
10. Go to Policy & Objects > Objects > Addresses and select Create New to add an address for the client network.
Category | Address |
Address Name | Client-Net |
Type | IP Range |
Subnet / IP Range | 172.20.120.100-172.20.120.200 |
Interface | port1 |
11. Select Create New to add an address for the web server network.
Category | Address |
Address Name | Web-Server-Net |
Type | Subnet |
Subnet / IP Range | 192.168.10.0/24 |
Interface | port2 |
12. Go to Policy & Objects > Policy > IPv4 and select Create New to add an active WAN optimization security policy:
Incoming Interface | port1 |
Source Address | Client-Net |
Outgoing Interface | port2 |
Destination Address | Web-Server-Net |
Schedule | always |
Service | HTTP FTP SMB |
Action | ACCEPT |
13. Turn on WAN Optimization and configure the following settings:
WAN Optimization | active |
Profile | Custom-wan-opt-pro |
14. Turn on Antivirus and select the default antivirus profile.
15. Select OK.
To configure the server-side FortiGate unit
1. Go to WAN Opt. & Cache > WAN Opt. Peers > Peers and enter a Local Host ID for the server-side FortiGate unit:
2. Select Apply.
3. Select Create New and add a Peer Host ID and the IP Address for the client-side FortiGate unit:
Peer Host ID | Client-Fgt |
IP Address | 172.30.120.1 |
4. Select OK.
5. Go to Policy & Objects > Objects > Addresses and select Create New to add an address for the client network.
Category | Address |
Address Name | Client-Net |
Type | IP Range |
Subnet / IP Range | 172.20.120.100-172.20.120.200 |
Interface | port1 |
6. Select Create New to add a firewall address for the web server network.
Category | Address |
Address Name | Web-Server-Net |
Type | Subnet |
Subnet / IP Range | 192.168.10.0/24 |
Interface | port2 |
7. Select OK.
8. Select Policy & Objects > Policy > IPv4 and select Create New to add a passive WAN optimization policy that applies application control.
Incoming Interface | port2 |
Source Address | Client-Net |
Outgoing Interface | port1 |
Destination Address | Web-Server-Net |
Schedule | always |
Service | ALL |
Action | ACCEPT |
9. Turn on WAN Optimization and configure the following settings:
WAN Optimization | passive |
Passive Option | default |
10. Select OK.
11. From the CLI enter the following command to add a WAN optimization tunnel explicit proxy policy.
configure firewall explicit-proxy-policy
edit 0
set proxy wanopt
set dstintf port1
set srcaddr all
set dstaddr all
set action accept
set schedule always
set service ALL
next
end