Chapter 23 WAN Optimization, Web Cache, Explicit Proxy, and WCCP : Configuring WAN optimization : WAN optimization profiles
  
WAN optimization profiles
Use WAN optimization profiles to apply WAN optimization techniques to traffic to be optimized. In a WAN optimization profile you can select the protocols to be optimized and for each protocol you can enable SSL offloading (if supported), secure tunneling, byte caching and set the port or port range the protocol uses. You can also enable transparent mode and optionally select an authentication group. You can edit the default WAN optimization profile or create new ones.
To configure a WAN optimization profile go to WAN Opt & Cache > WAN Opt. Profile > Profiles and edit a profile or create a new one.
Figure 328: Configuring a WAN optimization profile
From the CLI you can use the following command to configure a WAN optimization profile to optimize HTTP traffic.
config wanopt profile
edit new-profile
config http
set status enable
end
Transparent Mode
Servers receiving packets after WAN optimization “see” different source addresses depending on whether or not you select Transparent Mode.
For more information, see “WAN optimization transparent mode”.
Authentication Group
Select this option and select an authentication group so that the client and server-side FortiGate units must authenticate with each other before starting the WAN optimization tunnel. You must also select an authentication group if you select Secure Tunneling for any protocol.
You must add identical authentication groups to both of the FortiGate units that will participate in the WAN optimization tunnel. For more information, see “Configuring authentication groups”.
Protocol
Select CIFS, FTP, HTTP or MAPI to apply protocol optimization for the selected protocols. See “Protocol optimization”.
Select TCP if the WAN optimization tunnel accepts sessions that use more than one protocol or that do not use the CIFS, FTP, HTTP, or MAPI protocol.
SSL Offloading
Select to apply SSL offloading for HTTPS or other SSL traffic. You can use SSL offloading to offload SSL encryption and decryption from one or more HTTP servers to the FortiGate unit. If you enable this option, you must configure the security policy to accept SSL‑encrypted traffic.
If you enable SSL offloading, you must also use the CLI command config wanopt ssl‑server to add an SSL server for each HTTP server that you want to offload SSL encryption/decryption for. For more information, see “Turning on web caching for HTTPS traffic”.
Secure Tunnelling
The WAN optimization tunnel is encrypted using SSL encryption. You must also add an authentication group to the profile. For more information, see “Secure tunneling”.
Byte Caching
Select to apply WAN optimization byte caching to the sessions accepted by this rule. For more information, see “Byte caching”.
Port
Enter a single port number or port number range. Only packets whose destination port number matches this port number or port number range will be optimized.