Fortinet black logo

CLI Reference

wanopt profile

Configure WAN optimization profiles.

  config wanopt profile
      Description: Configure WAN optimization profiles.
      edit <name>
          set transparent [enable|disable]
          set comments {var-string}
          set auth-group {string}
          config http
              Description: Enable/disable HTTP WAN Optimization and configure HTTP WAN Optimization features.
              set status [enable|disable]
              set secure-tunnel [enable|disable]
              set byte-caching [enable|disable]
              set prefer-chunking [dynamic|fix]
              set tunnel-sharing [private|shared|...]
              set log-traffic [enable|disable]
              set port {integer}
              set ssl [enable|disable]
              set ssl-port {integer}
              set unknown-http-version [reject|tunnel|...]
              set tunnel-non-http [enable|disable]
          end
          config cifs
              Description: Enable/disable CIFS (Windows sharing) WAN Optimization and configure CIFS WAN Optimization features.
              set status [enable|disable]
              set secure-tunnel [enable|disable]
              set byte-caching [enable|disable]
              set prefer-chunking [dynamic|fix]
              set tunnel-sharing [private|shared|...]
              set log-traffic [enable|disable]
              set port {integer}
          end
          config mapi
              Description: Enable/disable MAPI email WAN Optimization and configure MAPI WAN Optimization features.
              set status [enable|disable]
              set secure-tunnel [enable|disable]
              set byte-caching [enable|disable]
              set tunnel-sharing [private|shared|...]
              set log-traffic [enable|disable]
              set port {integer}
          end
          config ftp
              Description: Enable/disable FTP WAN Optimization and configure FTP WAN Optimization features.
              set status [enable|disable]
              set secure-tunnel [enable|disable]
              set byte-caching [enable|disable]
              set prefer-chunking [dynamic|fix]
              set tunnel-sharing [private|shared|...]
              set log-traffic [enable|disable]
              set port {integer}
          end
          config tcp
              Description: Enable/disable TCP WAN Optimization and configure TCP WAN Optimization features.
              set status [enable|disable]
              set secure-tunnel [enable|disable]
              set byte-caching [enable|disable]
              set byte-caching-opt [mem-only|mem-disk]
              set tunnel-sharing [private|shared|...]
              set log-traffic [enable|disable]
              set port {user}
              set ssl [enable|disable]
              set ssl-port {integer}
          end
      next
  end

config wanopt profile

Parameter Name Description Type Size
transparent Enable/disable transparent mode.
enable: Determine if WAN Optimization changes client packet source addresses. Affects the routing configuration on the server network.
disable: Disable transparent mode. Client packets source addresses are changed to the source address of the FortiGate internal interface. Similar to source NAT.
option -
comments Comment. var-string Maximum length: 255
auth-group Optionally add an authentication group to restrict access to the WAN Optimization tunnel to peers in the authentication group. string Maximum length: 35

config http

Parameter Name Description Type Size
status Enable/disable HTTP WAN Optimization.
enable: Enable HTTP WAN Optimization.
disable: Disable HTTP WAN Optimization.
option -
secure-tunnel Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).
enable: Enable SSL-secured tunnelling.
disable: Disable SSL-secured tunnelling.
option -
byte-caching Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.
enable: Enable HTTP byte-caching.
disable: Disable HTTP byte-caching.
option -
prefer-chunking Select dynamic or fixed-size data chunking for HTTP WAN Optimization.
dynamic: Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.
fix: Select fixed data chunking.
option -
tunnel-sharing Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.
private: For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
shared: For profiles that accept nonaggressive and non-interactive protocols.
express-shared: For profiles that accept interactive protocols such as Telnet.
option -
log-traffic Enable/disable logging.
enable: Enable logging.
disable: Disable logging.
option -
port Single port number or port number range for HTTP. Only packets with a destination port number that matches this port number or range are accepted by this profile. integer Minimum value: 1 Maximum value: 65535
ssl Enable/disable SSL/TLS offloading (hardware acceleration) for HTTPS traffic in this tunnel.
enable: Enable SSL/TLS offloading.
disable: Disable SSL/TLS offloading.
option -
ssl-port Port on which to expect HTTPS traffic for SSL/TLS offloading. integer Minimum value: 1 Maximum value: 65535
unknown-http-version How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1.
reject: Reject or tear down HTTP sessions that do not use HTTP 0.9, 1.0, or 1.1.
tunnel: Pass HTTP traffic that does not use HTTP 0.9, 1.0, or 1.1 without applying HTTP protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.
best-effort: Assume all HTTP sessions comply with HTTP 0.9, 1.0, or 1.1. If a session uses a different HTTP version, it may not parse correctly and the connection may be lost.
option -
tunnel-non-http Configure how to process non-HTTP traffic when a profile configured for HTTP traffic accepts a non-HTTP session. Can occur if an application sends non-HTTP traffic using an HTTP destination port.
enable: Pass non-HTTP sessions through the tunnel without applying protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.
disable: Drop or tear down non-HTTP sessions accepted by the profile.
option -

config cifs

Parameter Name Description Type Size
status Enable/disable HTTP WAN Optimization.
enable: Enable HTTP WAN Optimization.
disable: Disable HTTP WAN Optimization.
option -
secure-tunnel Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).
enable: Enable SSL-secured tunnelling.
disable: Disable SSL-secured tunnelling.
option -
byte-caching Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.
enable: Enable HTTP byte-caching.
disable: Disable HTTP byte-caching.
option -
prefer-chunking Select dynamic or fixed-size data chunking for HTTP WAN Optimization.
dynamic: Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.
fix: Select fixed data chunking.
option -
tunnel-sharing Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.
private: For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
shared: For profiles that accept nonaggressive and non-interactive protocols.
express-shared: For profiles that accept interactive protocols such as Telnet.
option -
log-traffic Enable/disable logging.
enable: Enable logging.
disable: Disable logging.
option -
port Single port number or port number range for CIFS. Only packets with a destination port number that matches this port number or range are accepted by this profile. integer Minimum value: 1 Maximum value: 65535

config mapi

Parameter Name Description Type Size
status Enable/disable HTTP WAN Optimization.
enable: Enable HTTP WAN Optimization.
disable: Disable HTTP WAN Optimization.
option -
secure-tunnel Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).
enable: Enable SSL-secured tunnelling.
disable: Disable SSL-secured tunnelling.
option -
byte-caching Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.
enable: Enable HTTP byte-caching.
disable: Disable HTTP byte-caching.
option -
tunnel-sharing Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.
private: For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
shared: For profiles that accept nonaggressive and non-interactive protocols.
express-shared: For profiles that accept interactive protocols such as Telnet.
option -
log-traffic Enable/disable logging.
enable: Enable logging.
disable: Disable logging.
option -
port Single port number or port number range for MAPI. Only packets with a destination port number that matches this port number or range are accepted by this profile. integer Minimum value: 1 Maximum value: 65535

config ftp

Parameter Name Description Type Size
status Enable/disable HTTP WAN Optimization.
enable: Enable HTTP WAN Optimization.
disable: Disable HTTP WAN Optimization.
option -
secure-tunnel Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).
enable: Enable SSL-secured tunnelling.
disable: Disable SSL-secured tunnelling.
option -
byte-caching Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.
enable: Enable HTTP byte-caching.
disable: Disable HTTP byte-caching.
option -
prefer-chunking Select dynamic or fixed-size data chunking for HTTP WAN Optimization.
dynamic: Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.
fix: Select fixed data chunking.
option -
tunnel-sharing Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.
private: For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
shared: For profiles that accept nonaggressive and non-interactive protocols.
express-shared: For profiles that accept interactive protocols such as Telnet.
option -
log-traffic Enable/disable logging.
enable: Enable logging.
disable: Disable logging.
option -
port Single port number or port number range for FTP. Only packets with a destination port number that matches this port number or range are accepted by this profile. integer Minimum value: 1 Maximum value: 65535

config tcp

Parameter Name Description Type Size
status Enable/disable HTTP WAN Optimization.
enable: Enable HTTP WAN Optimization.
disable: Disable HTTP WAN Optimization.
option -
secure-tunnel Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).
enable: Enable SSL-secured tunnelling.
disable: Disable SSL-secured tunnelling.
option -
byte-caching Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.
enable: Enable HTTP byte-caching.
disable: Disable HTTP byte-caching.
option -
byte-caching-opt Select whether TCP byte-caching uses system memory only or both memory and disk space.
mem-only: Byte caching with memory only.
mem-disk: Byte caching with memory and disk.
option -
tunnel-sharing Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.
private: For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
shared: For profiles that accept nonaggressive and non-interactive protocols.
express-shared: For profiles that accept interactive protocols such as Telnet.
option -
log-traffic Enable/disable logging.
enable: Enable logging.
disable: Disable logging.
option -
port Single port number or port number range for TCP. Only packets with a destination port number that matches this port number or range are accepted by this profile. user Not Specified
ssl Enable/disable SSL/TLS offloading.
enable: Enable SSL/TLS offloading.
disable: Disable SSL/TLS offloading.
option -
ssl-port Port on which to expect HTTPS traffic for SSL/TLS offloading. integer Minimum value: 1 Maximum value: 65535

Configure WAN optimization profiles.

  config wanopt profile
      Description: Configure WAN optimization profiles.
      edit <name>
          set transparent [enable|disable]
          set comments {var-string}
          set auth-group {string}
          config http
              Description: Enable/disable HTTP WAN Optimization and configure HTTP WAN Optimization features.
              set status [enable|disable]
              set secure-tunnel [enable|disable]
              set byte-caching [enable|disable]
              set prefer-chunking [dynamic|fix]
              set tunnel-sharing [private|shared|...]
              set log-traffic [enable|disable]
              set port {integer}
              set ssl [enable|disable]
              set ssl-port {integer}
              set unknown-http-version [reject|tunnel|...]
              set tunnel-non-http [enable|disable]
          end
          config cifs
              Description: Enable/disable CIFS (Windows sharing) WAN Optimization and configure CIFS WAN Optimization features.
              set status [enable|disable]
              set secure-tunnel [enable|disable]
              set byte-caching [enable|disable]
              set prefer-chunking [dynamic|fix]
              set tunnel-sharing [private|shared|...]
              set log-traffic [enable|disable]
              set port {integer}
          end
          config mapi
              Description: Enable/disable MAPI email WAN Optimization and configure MAPI WAN Optimization features.
              set status [enable|disable]
              set secure-tunnel [enable|disable]
              set byte-caching [enable|disable]
              set tunnel-sharing [private|shared|...]
              set log-traffic [enable|disable]
              set port {integer}
          end
          config ftp
              Description: Enable/disable FTP WAN Optimization and configure FTP WAN Optimization features.
              set status [enable|disable]
              set secure-tunnel [enable|disable]
              set byte-caching [enable|disable]
              set prefer-chunking [dynamic|fix]
              set tunnel-sharing [private|shared|...]
              set log-traffic [enable|disable]
              set port {integer}
          end
          config tcp
              Description: Enable/disable TCP WAN Optimization and configure TCP WAN Optimization features.
              set status [enable|disable]
              set secure-tunnel [enable|disable]
              set byte-caching [enable|disable]
              set byte-caching-opt [mem-only|mem-disk]
              set tunnel-sharing [private|shared|...]
              set log-traffic [enable|disable]
              set port {user}
              set ssl [enable|disable]
              set ssl-port {integer}
          end
      next
  end

config wanopt profile

Parameter Name Description Type Size
transparent Enable/disable transparent mode.
enable: Determine if WAN Optimization changes client packet source addresses. Affects the routing configuration on the server network.
disable: Disable transparent mode. Client packets source addresses are changed to the source address of the FortiGate internal interface. Similar to source NAT.
option -
comments Comment. var-string Maximum length: 255
auth-group Optionally add an authentication group to restrict access to the WAN Optimization tunnel to peers in the authentication group. string Maximum length: 35

config http

Parameter Name Description Type Size
status Enable/disable HTTP WAN Optimization.
enable: Enable HTTP WAN Optimization.
disable: Disable HTTP WAN Optimization.
option -
secure-tunnel Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).
enable: Enable SSL-secured tunnelling.
disable: Disable SSL-secured tunnelling.
option -
byte-caching Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.
enable: Enable HTTP byte-caching.
disable: Disable HTTP byte-caching.
option -
prefer-chunking Select dynamic or fixed-size data chunking for HTTP WAN Optimization.
dynamic: Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.
fix: Select fixed data chunking.
option -
tunnel-sharing Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.
private: For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
shared: For profiles that accept nonaggressive and non-interactive protocols.
express-shared: For profiles that accept interactive protocols such as Telnet.
option -
log-traffic Enable/disable logging.
enable: Enable logging.
disable: Disable logging.
option -
port Single port number or port number range for HTTP. Only packets with a destination port number that matches this port number or range are accepted by this profile. integer Minimum value: 1 Maximum value: 65535
ssl Enable/disable SSL/TLS offloading (hardware acceleration) for HTTPS traffic in this tunnel.
enable: Enable SSL/TLS offloading.
disable: Disable SSL/TLS offloading.
option -
ssl-port Port on which to expect HTTPS traffic for SSL/TLS offloading. integer Minimum value: 1 Maximum value: 65535
unknown-http-version How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1.
reject: Reject or tear down HTTP sessions that do not use HTTP 0.9, 1.0, or 1.1.
tunnel: Pass HTTP traffic that does not use HTTP 0.9, 1.0, or 1.1 without applying HTTP protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.
best-effort: Assume all HTTP sessions comply with HTTP 0.9, 1.0, or 1.1. If a session uses a different HTTP version, it may not parse correctly and the connection may be lost.
option -
tunnel-non-http Configure how to process non-HTTP traffic when a profile configured for HTTP traffic accepts a non-HTTP session. Can occur if an application sends non-HTTP traffic using an HTTP destination port.
enable: Pass non-HTTP sessions through the tunnel without applying protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.
disable: Drop or tear down non-HTTP sessions accepted by the profile.
option -

config cifs

Parameter Name Description Type Size
status Enable/disable HTTP WAN Optimization.
enable: Enable HTTP WAN Optimization.
disable: Disable HTTP WAN Optimization.
option -
secure-tunnel Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).
enable: Enable SSL-secured tunnelling.
disable: Disable SSL-secured tunnelling.
option -
byte-caching Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.
enable: Enable HTTP byte-caching.
disable: Disable HTTP byte-caching.
option -
prefer-chunking Select dynamic or fixed-size data chunking for HTTP WAN Optimization.
dynamic: Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.
fix: Select fixed data chunking.
option -
tunnel-sharing Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.
private: For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
shared: For profiles that accept nonaggressive and non-interactive protocols.
express-shared: For profiles that accept interactive protocols such as Telnet.
option -
log-traffic Enable/disable logging.
enable: Enable logging.
disable: Disable logging.
option -
port Single port number or port number range for CIFS. Only packets with a destination port number that matches this port number or range are accepted by this profile. integer Minimum value: 1 Maximum value: 65535

config mapi

Parameter Name Description Type Size
status Enable/disable HTTP WAN Optimization.
enable: Enable HTTP WAN Optimization.
disable: Disable HTTP WAN Optimization.
option -
secure-tunnel Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).
enable: Enable SSL-secured tunnelling.
disable: Disable SSL-secured tunnelling.
option -
byte-caching Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.
enable: Enable HTTP byte-caching.
disable: Disable HTTP byte-caching.
option -
tunnel-sharing Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.
private: For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
shared: For profiles that accept nonaggressive and non-interactive protocols.
express-shared: For profiles that accept interactive protocols such as Telnet.
option -
log-traffic Enable/disable logging.
enable: Enable logging.
disable: Disable logging.
option -
port Single port number or port number range for MAPI. Only packets with a destination port number that matches this port number or range are accepted by this profile. integer Minimum value: 1 Maximum value: 65535

config ftp

Parameter Name Description Type Size
status Enable/disable HTTP WAN Optimization.
enable: Enable HTTP WAN Optimization.
disable: Disable HTTP WAN Optimization.
option -
secure-tunnel Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).
enable: Enable SSL-secured tunnelling.
disable: Disable SSL-secured tunnelling.
option -
byte-caching Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.
enable: Enable HTTP byte-caching.
disable: Disable HTTP byte-caching.
option -
prefer-chunking Select dynamic or fixed-size data chunking for HTTP WAN Optimization.
dynamic: Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.
fix: Select fixed data chunking.
option -
tunnel-sharing Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.
private: For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
shared: For profiles that accept nonaggressive and non-interactive protocols.
express-shared: For profiles that accept interactive protocols such as Telnet.
option -
log-traffic Enable/disable logging.
enable: Enable logging.
disable: Disable logging.
option -
port Single port number or port number range for FTP. Only packets with a destination port number that matches this port number or range are accepted by this profile. integer Minimum value: 1 Maximum value: 65535

config tcp

Parameter Name Description Type Size
status Enable/disable HTTP WAN Optimization.
enable: Enable HTTP WAN Optimization.
disable: Disable HTTP WAN Optimization.
option -
secure-tunnel Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).
enable: Enable SSL-secured tunnelling.
disable: Disable SSL-secured tunnelling.
option -
byte-caching Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.
enable: Enable HTTP byte-caching.
disable: Disable HTTP byte-caching.
option -
byte-caching-opt Select whether TCP byte-caching uses system memory only or both memory and disk space.
mem-only: Byte caching with memory only.
mem-disk: Byte caching with memory and disk.
option -
tunnel-sharing Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.
private: For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
shared: For profiles that accept nonaggressive and non-interactive protocols.
express-shared: For profiles that accept interactive protocols such as Telnet.
option -
log-traffic Enable/disable logging.
enable: Enable logging.
disable: Disable logging.
option -
port Single port number or port number range for TCP. Only packets with a destination port number that matches this port number or range are accepted by this profile. user Not Specified
ssl Enable/disable SSL/TLS offloading.
enable: Enable SSL/TLS offloading.
disable: Disable SSL/TLS offloading.
option -
ssl-port Port on which to expect HTTPS traffic for SSL/TLS offloading. integer Minimum value: 1 Maximum value: 65535