FortiCache 4.0.1 Administration Guide

Cache

Web cache settings can be optimized to improve performance and specific URL patterns can be exempt from caching and/or forwarded to a web proxy server.


Settings

In most cases, the default settings for the WAN optimization web cache are acceptable. However, you may want to change them to improve performance or optimize the cache for your configuration.

Go to WAN Opt. & Cache > Cache > Settings to configure web cache settings.

Configure the following settings, then select Apply to apply your changes:

Always Revalidate: Always re-validate requested cached objects with content on the server before serving them to the client.
Max Cache Object Size: The maximum size of objects (files) that are cached (default = 512000KB). Objects that are larger than this size are still delivered to the client but are not stored in the FortiCache web cache.
Negative Response Duration: The amount of time, in minutes, that the FortiCache unit caches error responses from web servers (default = 0 minutes).

The content server might send a client error code (4xx HTTP response) or a server error code (5xx HTTP response) as a response to some requests. If the web cache is configured to cache these negative responses, it returns that response in subsequent requests for that page or image for the specified number of minutes, regardless of the actual object status.

Fresh Factor: For cached objects that do not have an expiry time, the web cache periodically checks the server to see if the objects have expired. The higher the fresh factor, the less often the checks occur (default = 100%).

For example, if you set Max TTL and Default TTL to 7200 minutes (5 days) and set Fresh Factor to 20, the web cache checks the cached objects 5 times before they expire, but if you set the Fresh Factor to 100, the web cache will only check once.


Max TTL: The maximum amount of time (Time to Live), in minutes, an object can stay in the web cache without the cache checking to see if it has expired on the server. From 1 to 5256000 minutes (one year) (default = 7200 minutes).
Min TTL: The minimum amount of time an object can stay in the web cache before the web cache checks to see if it has expired on the server. From 1 to 5256000 minutes (default = 5 minutes).
Default TTL: The default expiry time for objects that do not have an expiry time set by the web server. From 1 to 5256000 minutes (default = 1440 minutes).
Proxy FQDN: This option cannot be changed from the default: default.fqdn.
Max HTTP request length: This option cannot be changed from the default: 4KB.
Max HTTP message length: This option cannot be changed from the default: 32KB.
Ignore
If-modified-since: If the time specified by the if-modified-since (IMS) header in the client’s conditional request is greater than the last modified time of the object in the cache, it is a strong indication that the copy in the cache is stale. If so, HTTP does a conditional GET to the original content source, based on the last modified time of the cached object.

Enable ignoring if-modified-since to override this behavior.

HTTP 1.1 Conditionals: HTTP 1.1 provides additional controls to the client for the behavior of caches toward stale objects. Depending on various cache-control headers, the FortiCache unit can be forced to consult the OCS before serving the object from the cache. For more information about the behavior of cache-control header values, see RFC 2616.

Enable ignoring HTTP 1.1 conditionals to override this behavior.

Pragma-no-cache: Typically, if a client sends an HTTP GET request with a pragma no-cache (PNC) or cache-control no-cache header, a cache must consult the OCS before serving the content. This means that the unit always re-fetches the entire object from the OCS, even if the cached copy of the object is fresh. Because of this behavior, PNC requests can degrade performance and increase server-side bandwidth utilization.

Enable ignoring Pragma-no-cache so that the PNC header from the client request is ignored. The FortiCache unit treats the request as if the PNC header is not present.

IE Reload  
Cache Expired Objects: Enable to cache expired type-1 objects (if all other conditions make the object cacheable).


Revalidate Pragma-no-cache: The PNC header in a request can affect how efficiently the device uses bandwidth.

If you do not want to completely ignore PNC in client requests by selecting Ignore > Pragma-no-cache, you can lower the impact on bandwidth usage with this option.

When selected, a client’s non-conditional PNC-GET request results in a conditional GET request sent to the OCS, if the object is already in the cache. This gives the OCS a chance to return the 304 Not Modified response, which consumes less server-side bandwidth as the OCS has not been forced to return full content.

By default, Revalidate Pragma-no-cache is disabled and is not affected by changes in the top-level profile. When the Substitute Get for PNC configuration is enabled, the Revalidate Pragma-no-cache configuration has no effect. Most download managers make byte-range requests with a PNC header. To serve such requests from the cache, you should also configure byte-range support when you configure the Revalidate Pragma-no-cache option.
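As an added illustration (not FortiCache code and not part of the original guide), the following Python model traces how the Always Revalidate, Ignore > Pragma-no-cache and Revalidate Pragma-no-cache settings described above change what is sent to the OCS. The class and function names, the sample requests, and the rule that a stale cached copy triggers a conditional GET are assumptions made for the example.

```python
# Added example: a simplified model, not FortiCache's implementation.
from dataclasses import dataclass

@dataclass
class Settings:
    always_revalidate: bool = False  # Always Revalidate
    ignore_pnc: bool = False         # Ignore > Pragma-no-cache
    revalidate_pnc: bool = False     # Revalidate Pragma-no-cache

def has_no_cache(headers):
    """True if the client sent Pragma: no-cache or Cache-Control: no-cache."""
    h = {k.lower(): v.lower() for k, v in headers.items()}
    directives = [d.strip() for d in h.get("cache-control", "").split(",")]
    return "no-cache" in h.get("pragma", "") or "no-cache" in directives

def upstream_action(headers, cached, fresh, s):
    """Return 'serve-from-cache', 'conditional-get' or 'full-fetch'."""
    if not cached:
        return "full-fetch"
    if has_no_cache(headers) and not s.ignore_pnc:
        # Default: re-fetch the whole object even if the copy is fresh.
        # Revalidate PNC: conditional GET, so the OCS may answer 304.
        return "conditional-get" if s.revalidate_pnc else "full-fetch"
    if s.always_revalidate or not fresh:  # stale -> revalidate (assumption)
        return "conditional-get"
    return "serve-from-cache"

# Constructed sample requests: (client headers, object cached?, copy fresh?)
SAMPLE = [
    ({"Pragma": "no-cache"}, True, True),
    ({"Cache-Control": "max-age=0, no-cache"}, True, True),
    ({}, True, True),
    ({}, True, False),
    ({"Pragma": "no-cache"}, False, False),
]

def tally(s):
    """Count the upstream actions for SAMPLE under settings s."""
    counts = {"serve-from-cache": 0, "conditional-get": 0, "full-fetch": 0}
    for headers, cached, fresh in SAMPLE:
        counts[upstream_action(headers, cached, fresh, s)] += 1
    return counts

if __name__ == "__main__":
    for label, s in [("default", Settings()),
                     ("revalidate PNC", Settings(revalidate_pnc=True)),
                     ("ignore PNC", Settings(ignore_pnc=True))]:
        print(label, tally(s))
```

With Ignore > Pragma-no-cache enabled, a client's no-cache request no longer reaches the OCS at all while the cached copy is fresh, whereas Revalidate Pragma-no-cache still consults the OCS but lets it answer with 304 Not Modified.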

URL match list

The URL match list is used to exempt URLs from caching and to enable forwarding specific URLs to a web proxy server. URLs, URL patterns, and numeric IP addresses can be added to the match list.

For example, if your users access websites that are not compatible with FortiCache web caching, you can add the URLs of these web sites to the web caching exempt list, and all traffic accepted by a web cache policy for these websites will not be cached.

To configure a URL match list, use the following CLI command:

config web-proxy url-match
    edit <name>
        set url-pattern <value>
        set cache-exemption [enable|disable]
    next
end

Monitor

Using the web cache and WAN optimization monitors, you can confirm that the FortiCache unit is accepting and caching traffic and view web caching and WAN optimization performance. The monitor presents collected log information in a graphical format to show network traffic and bandwidth optimization information.

To view the WAN optimization monitor, go to WAN Opt. & Cache > Monitor > WAN Opt. Monitor.


Traffic Summary: This section provides traffic optimization information. It displays how much traffic has been reduced by web caching by comparing the amount of client and server traffic.
Refresh icon: Refresh the Traffic Summary.
Period: Select a time period to show traffic summary for: Last 10 Minutes, Last 1 Hour, Last 1 Day, Last 1 Week, or Last 1 Month.
Protocol: Lists the protocols shown in the pie chart, including: HTTP, MAPI, CIFS, FTP, TCP, and WEBPROXY.
Reduction Rate: The reduction rate for each protocol, in percent.
LAN: The number of LAN connections for that protocol.
WAN: The number of WAN connections for that protocol.
Bandwidth Optimization: This section shows the bandwidth optimization.

A line graph compares an application’s pre-optimized (LAN data) size with its optimized size (WAN data).

Refresh icon: Select to refresh the Bandwidth Optimization display.
Period: Select a time period to show bandwidth optimization for: Last 10 Minutes, Last 1 Hour, Last 1 Day, Last 1 Week, or Last 1 Month.
Protocol: Select the protocol to show in the graph.


Chart Type: Select the chart type: Column Chart or Line Chart.

To view the web cache monitor, go to WAN Opt. & Cache > Monitor > Cache Monitor.

You can select a time period to show web cache monitoring for: Last 10 Minutes, Last 1 Hour, Last 1 Day, or Last 1 Month.

The PeerMonitor page under WAN Opt. & Cache > Monitor > PeerMonitor provides peer statistics including Peer name, IP, Type, and Traffic Reduction.

