Configuring basic active-passive WAN optimization

Chapter 23 WAN Optimization, Web Cache, Explicit Proxy, and WCCP : Configuration examples : Example: Active-passive WAN optimization : Configuring basic active-passive WAN optimization - CLI

Configuring basic active-passive WAN optimization - CLI

Use the following steps to configure the example WAN optimization configuration from the client-side and server-side FortiGate unit CLI.

To configure the client-side FortiGate unit

1. Add the Local Host ID to the client-side FortiGate configuration:

config wanopt settings

set host-id Client-Fgt

end

2. Add the server-side Local Host ID to the client-side peer list:

config wanopt peer

edit Server-Fgt

set ip 192.168.20.1

end

3. Add a WAN optimization profile to optimize CIFS, HTTP, and FTP traffic.

config wanopt profile

edit Custom-wan-opt-pro

config cifs

set status enable

set byte-caching enable

set port 445

end

config http

set status enable

set byte-caching enable

set port 80

end

config ftp

set status enable

set byte-caching enable

set port 21

end

4. Add a firewall address for the client network.

config firewall address

edit Client-Net

set type iprange

set start-ip 172.20.120.100

set end-ip 172.20.120.200

set associated-interface port1

end

5. Add a firewall address for the web server network.

config firewall address

edit Web-Server-Net

set type ipmask

set subnet 192.168.10.0 255.255.255.0

set associated-interface port2

end

6. Add an active WAN optimization security policy that applies virus scanning:

config firewall policy

edit 0

set srcintf port1

set dstintf port2

set srcaddr Client-net

set dstaddr Web-Server-Net

set action accept

set service HTTP FTP SMB

set schedule always

set wanopt enable

set wanopt-detection active

set wanopt-profile Custom-wan-opt-pro

end

To configure the server-side FortiGate unit

1. Add the Local Host ID to the server-side FortiGate configuration:

config wanopt settings

set host-id Server-Fgt

end

2. Add the client-side Local Host ID to the server-side peer list:

config wanopt peer

edit Client-Fgt

set ip 172.20.120.1

end

3. Add a firewall address for the client network.

config firewall address

edit Client-Net

set type iprange

set start-ip 172.20.120.100

set end-ip 172.20.120.200

set associated-interface port1

end

4. Add a firewall address for the web server network.

config firewall address

edit Web-Server-Net

set type ipmask

set subnet 192.168.10.0 255.255.255.0

set associated-interface port2

end

5. Add a passive WAN optimization policy.

config firewall policy

edit 0

set srcintf port1

set dstintf port2

set srcaddr Client-Net

set dstaddr Web-Server-Net

set action accept

set service ALL

set schedule always

set wanopt enable

set wanopt-detection passive

set wanopt-passive-opt default

end

6. Add a WAN optimization tunnel explicit proxy policy.

configure firewall explicit-proxy-policy

edit 0

set proxy wanopt

set dstintf port1

set srcaddr all

set dstaddr all

set action accept

set schedule always

set service ALL

end