Security policies
Two server-side WAN optimization security policy configurations are possible. One for active-passive WAN optimization and one for manual WAN optimization.
Active/passive mode on server-side
config firewall policy
edit 2 <<< the passive mode policy
set srcintf wan1
set dstintf internal
set srcaddr all
set dstaddr all
set action accept
set schedule always
set service ALL
set wanopt enable
set wanopt-detection passive
set wanopt-passive-opt transparent
end
config firewall explicit-proxy-policy
edit 3 <<< policy that accepts wanopt tunnel connections from the server
set proxy wanopt <<< wanopt proxy type
set dstintf internal
set srcaddr all
set dstaddr server-subnet
set action accept
set schedule always
set service ALL
next
end
Manual mode on server-side
config firewall explicit-proxy-policy
edit 3 <<< policy that accepts wanopt tunnel connections from the client
set proxy wanopt <<< wanopt proxy type
set dstintf internal
set srcaddr all
set dstaddr server-subnet
set action accept
set schedule always
set service ALL
next
end