WAN optimization profiles
Use WAN optimization profiles to apply WAN optimization techniques to traffic to be optimized. In a WAN optimization profile you can select the protocols to be optimized and for each protocol you can enable SSL offloading (if supported), secure tunneling, byte caching and set the port or port range the protocol uses. You can also enable transparent mode and optionally select an authentication group. You can edit the default WAN optimization profile or create new ones.
To configure a WAN optimization profile go to WAN Opt. & Cache > Profiles and edit a profile or create a new one.
Configuring a WAN optimization profile
From the CLI you can use the following command to configure a WAN optimization profile to optimize HTTP traffic.
config wanopt profile edit new-profile
config http
end
set status enable
Transparent Mode Servers receiving packets after WAN optimization “see” different source addresses depending on whether or not you select Transparent Mode.
For more information, see WAN optimization transparent mode on page 2850.
Authentication Group
Select this option and select an authentication group so that the client and server-side FortiGate units must authenticate with each other before start- ing the WAN optimization tunnel. You must also select an authentication group if you select Secure Tunneling for any protocol.
You must add identical authentication groups to both of the FortiGate units that will participate in the WAN optimization tunnel. For more information, see Configuring authentication groups on page 2862.
Protocol
Select CIFS, FTP, HTTP or MAPI to apply protocol optimization for the selected protocols. See Protocol optimization on page 2849.
Select TCP if the WAN optimization tunnel accepts sessions that use more than one protocol or that do not use the CIFS, FTP, HTTP, or MAPI pro- tocol.
SSL Offloading
Select to apply SSL offloading for HTTPS or other SSL traffic. You can use SSL offloading to offload SSL encryption and decryption from one or more HTTP servers to the FortiGate unit. If you enable this option, you must con- figure the security policy to accept SSL-encrypted traffic.
If you enable SSL offloading, you must also use the CLI command con- fig wanopt ssl-server to add an SSL server for each HTTP server that you want to offload SSL encryption/decryption for. For more inform- ation, see Turning on web caching for HTTPS traffic on page 2888.
Secure
Tunnelling
The WAN optimization tunnel is encrypted using SSL encryption. You must also add an authentication group to the profile. For more information, see Secure tunneling on page 2864.
Byte Caching Select to apply WAN optimization byte caching to the sessions accepted by this rule. For more information, see “Byte caching”.
Port Enter a single port number or port number range. Only packets whose des- tination port number matches this port number or port number range will be optimized.