Best practices
This is a short list of WAN optimization and explicit proxy best practices.
• WAN optimization tunnel sharing is recommended for similar types of WAN optimization traffic. However, tunnel sharing for different types of traffic is not recommended. For example, aggressive and non-aggressive protocols should not share the same tunnel. See
“Tunnel sharing”.
• Configure WAN optimization authentication with specific peers. Accepting any peer is not recommended as this can be less secure. See
“Accepting any peers”.
• Do not enable the explicit web or FTP proxy on an interface connected to the Internet. This is a security risk because anyone on the Internet who finds the proxy could use it to hide their source address. If you must enable the proxy on such an interface make sure authentication is required to use the proxy. See
“Explicit web proxy configuration overview”.