• WAN optimization tunnel sharing is recommended for similar types of WAN optimization traffic. However, tunnel sharing for different types of traffic is not recommended. For example, aggressive and non-aggressive protocols should not share the same tunnel. See “Tunnel sharing”.

• Active-passive HA is the recommended HA configuration for WAN optimization. See “WAN optimization and HA”.

• Configure WAN optimization authentication with specific peers. Accepting any peer is not recommended as this can be less secure. See “Accepting any peers”.

• Set the explicit proxy Default Firewall Policy Action to Deny. This means that a security policy is required to use the explicit web proxy. See “Explicit web proxy configuration overview”.

• Set the explicit FTP proxy Default Firewall Policy Action to Deny. This means that a security policy is required to use the explicit FTP proxy. See “Explicit FTP proxy configuration overview”.

• Do not enable the explicit web or FTP proxy on an interface connected to the Internet. This is a security risk because anyone on the Internet who finds the proxy could use it to hide their source address. If you must enable the proxy on such an interface make sure authentication is required to use the proxy. See “Explicit web proxy configuration overview”.