Wan Optimization

Wan Optimization

The FortiOS Handbook chapter contains the following sections:

  • Example network topologies provides an overview of FortiGate WAN optimization best practices and technologies and some of the concepts and rules for using them. We recommend that you begin with this chapter before attempting to configure your FortiGate unit to use WAN optimization.
  • Configuring WAN optimization provides basic configuration for WAN optimization rules, including adding rules, organizing rules in the rule list and using WAN optimization addresses. This chapter also explains how WAN optimization accepts sessions, as well as how and when you can apply security profiles to WAN optimization traffic.
  • Peers and authentication groups describes how to use WAN optimization peers and authentication groups to control access to WAN optimization tunnels.
  • Configuration examples describes basic active-passive and peer-to-peer WAN optimization configuration examples.

This chapter is a good place to start learning how to put an actual WAN optimization network together.

  • Web caching and SSL offloading describes how web caching works to cache HTTP and HTTPS, how to use SSL offloading to improved performance of HTTPS websites, and includes web caching configuration examples.
  • FortiClient WAN optimization describes how FortiGate and FortiClient WAN optimization work together and includes an example configuration.
  • The FortiGate explicit web proxy describes how to configure the FortiGate explicit web proxy, how users connect to the explicit web proxy, and how to add web caching to the explicit web proxy.
  • The FortiGate explicit FTP proxy describes how to configure the FortiGate explicit FTP proxy and how users connect to the explicit FTP proxy.
  • FortiGate WCCP describes FortiGate WCCP and how to configure WCCP and the WCCP client.
  • Diagnose commands describes get and diagnose commands available for troubleshooting WAN optimization, web cache, and WCCP.

 

 

Whats new in FortiOS 5.4

 

Toggle Disk Usage for logging or wan-opt (290892)

Both logging and WAN Optimization use hard disk space to save data. For FortiOS 5.4 you cannot use the same hard disk for WAN Optimization and logging.

  • If the FortiGate has one hard disk, then it can be used for either disk logging or WAN optimization, but not both. By default, the hard disk is used for disk logging.
  • If the FortiGate has two hard disks, then one disk is always used for disk logging and the other disk is always used for WAN optimization.

On the FortiGate, go to System > Advanced > Disk Settings to switch between Local Log and WAN Optimization.

 

You can also change disk usage from the CLI using the following command:

configure system global

set disk-usage {log | wanopt}

end

 

The Toggle Disk Usage feature is supported on all new “E” Series models, while sup- port for “D” Series models may vary.

Please refer to the Feature Platform Matrix for more information.

Changing the disk setting formats the disk, erases current data stored on the disk and disables either disk logging or WAN Optimization.

You can configure WAN Optimization from the CLI or the GUI. To configure WAN Optimization from the GUI you must go to System > Feature Select and turn on WAN Optimization.

Remote logging (including logging to FortiAnalyzer and remote Syslog servers) is not affected by using the single local hard disk for WAN Optimization.

 

Enabling WAN Optimization affects more than just disk logging

In addition to affecting WAN Optimization, the following table shows other features affected by the FortiGate disk configuration.

 

Features affected by Disk Usage as per the number of internal hard disks on the FortiGate

Feature Logging Only

(1 hard disk)

WAN Opt. Only

(1 hard disk)

Logging & WAN Opt. (2 hard disks)
 

Logging

 

Supported

 

Not supported

 

Supported

 

Report/Historical

FortiView

 

Supported

 

Not supported

 

Supported

 

Firewall Packet Capture (Policy Capture and Inter- face Capture)

 

Supported

 

Not supported

 

Supported

 

AV Quarantine

 

Supported

 

Not supported

 

Supported

 

IPS Packet Cap- ture

 

Supported.

 

Not supported

 

Supported

 

DLP Archive

 

Supported

 

Not supported

 

Supported

Feature                    Logging Only

(1 hard disk)

WAN Opt. Only

(1 hard disk)

Logging & WAN Opt. (2 hard disks)

 

SandboDB & Results

FortiSandbox database and results are also stored on disk, but will not be affected by this feature.

 

MAPI AV scanning is supported over WAN Optimization (267975)

AV works on MAPI when WAN Optimization is used.

This entry was posted in FortiOS, FortiOS 5.4 Handbook and tagged on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.