Fortinet black logo

CLI Reference

config wanopt profile

config wanopt profile

Configure WAN optimization profiles.

config wanopt profile

Description: Configure WAN optimization profiles.

edit <name>

set transparent [enable|disable]

set comments {var-string}

set auth-group {string}

config http

Description: Enable/disable HTTP WAN Optimization and configure HTTP WAN Optimization features.

set status [enable|disable]

set secure-tunnel [enable|disable]

set byte-caching [enable|disable]

set prefer-chunking [dynamic|fix]

set tunnel-sharing [private|shared|...]

set log-traffic [enable|disable]

set port {integer}

set ssl [enable|disable]

set ssl-port {integer}

set unknown-http-version [reject|tunnel|...]

set tunnel-non-http [enable|disable]

end

config cifs

Description: Enable/disable CIFS (Windows sharing) WAN Optimization and configure CIFS WAN Optimization features.

set status [enable|disable]

set secure-tunnel [enable|disable]

set byte-caching [enable|disable]

set prefer-chunking [dynamic|fix]

set tunnel-sharing [private|shared|...]

set log-traffic [enable|disable]

set port {integer}

end

config mapi

Description: Enable/disable MAPI email WAN Optimization and configure MAPI WAN Optimization features.

set status [enable|disable]

set secure-tunnel [enable|disable]

set byte-caching [enable|disable]

set tunnel-sharing [private|shared|...]

set log-traffic [enable|disable]

set port {integer}

end

config ftp

Description: Enable/disable FTP WAN Optimization and configure FTP WAN Optimization features.

set status [enable|disable]

set secure-tunnel [enable|disable]

set byte-caching [enable|disable]

set prefer-chunking [dynamic|fix]

set tunnel-sharing [private|shared|...]

set log-traffic [enable|disable]

set port {integer}

end

config tcp

Description: Enable/disable TCP WAN Optimization and configure TCP WAN Optimization features.

set status [enable|disable]

set secure-tunnel [enable|disable]

set byte-caching [enable|disable]

set byte-caching-opt [mem-only|mem-disk]

set tunnel-sharing [private|shared|...]

set log-traffic [enable|disable]

set port {user}

set ssl [enable|disable]

set ssl-port {integer}

end

next

end

config wanopt profile

Parameter name

Description

Type

Size

transparent

Enable/disable transparent mode.

option

-

Option

Description

enable

Determine if WAN Optimization changes client packet source addresses. Affects the routing configuration on the server network.

disable

Disable transparent mode. Client packets source addresses are changed to the source address of the FortiGate internal interface. Similar to source NAT.

comments

Comment.

var-string

Maximum length: 255

auth-group

Optionally add an authentication group to restrict access to the WAN Optimization tunnel to peers in the authentication group.

string

Maximum length: 35

config http

Parameter name

Description

Type

Size

status

Enable/disable HTTP WAN Optimization.

option

-

Option

Description

enable

Enable HTTP WAN Optimization.

disable

Disable HTTP WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

-

Option

Description

enable

Enable SSL-secured tunnelling.

disable

Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

-

Option

Description

enable

Enable HTTP byte-caching.

disable

Disable HTTP byte-caching.

prefer-chunking

Select dynamic or fixed-size data chunking for HTTP WAN Optimization.

option

-

Option

Description

dynamic

Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.

fix

Select fixed data chunking.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

-

Option

Description

private

For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.

shared

For profiles that accept nonaggressive and non-interactive protocols.

express-shared

For profiles that accept interactive protocols such as Telnet.

log-traffic

Enable/disable logging.

option

-

Option

Description

enable

Enable logging.

disable

Disable logging.

port

Single port number or port number range for HTTP. Only packets with a destination port number that matches this port number or range are accepted by this profile.

integer

Minimum value: 1 Maximum value: 65535

ssl

Enable/disable SSL/TLS offloading (hardware acceleration) for HTTPS traffic in this tunnel.

option

-

Option

Description

enable

Enable SSL/TLS offloading.

disable

Disable SSL/TLS offloading.

ssl-port

Port on which to expect HTTPS traffic for SSL/TLS offloading.

integer

Minimum value: 1 Maximum value: 65535

unknown-http-version

How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1.

option

-

Option

Description

reject

Reject or tear down HTTP sessions that do not use HTTP 0.9, 1.0, or 1.1.

tunnel

Pass HTTP traffic that does not use HTTP 0.9, 1.0, or 1.1 without applying HTTP protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.

best-effort

Assume all HTTP sessions comply with HTTP 0.9, 1.0, or 1.1. If a session uses a different HTTP version, it may not parse correctly and the connection may be lost.

tunnel-non-http

Configure how to process non-HTTP traffic when a profile configured for HTTP traffic accepts a non-HTTP session. Can occur if an application sends non-HTTP traffic using an HTTP destination port.

option

-

Option

Description

enable

Pass non-HTTP sessions through the tunnel without applying protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.

disable

Drop or tear down non-HTTP sessions accepted by the profile.

config cifs

Parameter name

Description

Type

Size

status

Enable/disable HTTP WAN Optimization.

option

-

Option

Description

enable

Enable HTTP WAN Optimization.

disable

Disable HTTP WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

-

Option

Description

enable

Enable SSL-secured tunnelling.

disable

Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

-

Option

Description

enable

Enable HTTP byte-caching.

disable

Disable HTTP byte-caching.

prefer-chunking

Select dynamic or fixed-size data chunking for HTTP WAN Optimization.

option

-

Option

Description

dynamic

Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.

fix

Select fixed data chunking.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

-

Option

Description

private

For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.

shared

For profiles that accept nonaggressive and non-interactive protocols.

express-shared

For profiles that accept interactive protocols such as Telnet.

log-traffic

Enable/disable logging.

option

-

Option

Description

enable

Enable logging.

disable

Disable logging.

port

Single port number or port number range for CIFS. Only packets with a destination port number that matches this port number or range are accepted by this profile.

integer

Minimum value: 1 Maximum value: 65535

config mapi

Parameter name

Description

Type

Size

status

Enable/disable HTTP WAN Optimization.

option

-

Option

Description

enable

Enable HTTP WAN Optimization.

disable

Disable HTTP WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

-

Option

Description

enable

Enable SSL-secured tunnelling.

disable

Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

-

Option

Description

enable

Enable HTTP byte-caching.

disable

Disable HTTP byte-caching.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

-

Option

Description

private

For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.

shared

For profiles that accept nonaggressive and non-interactive protocols.

express-shared

For profiles that accept interactive protocols such as Telnet.

log-traffic

Enable/disable logging.

option

-

Option

Description

enable

Enable logging.

disable

Disable logging.

port

Single port number or port number range for MAPI. Only packets with a destination port number that matches this port number or range are accepted by this profile.

integer

Minimum value: 1 Maximum value: 65535

config ftp

Parameter name

Description

Type

Size

status

Enable/disable HTTP WAN Optimization.

option

-

Option

Description

enable

Enable HTTP WAN Optimization.

disable

Disable HTTP WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

-

Option

Description

enable

Enable SSL-secured tunnelling.

disable

Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

-

Option

Description

enable

Enable HTTP byte-caching.

disable

Disable HTTP byte-caching.

prefer-chunking

Select dynamic or fixed-size data chunking for HTTP WAN Optimization.

option

-

Option

Description

dynamic

Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.

fix

Select fixed data chunking.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

-

Option

Description

private

For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.

shared

For profiles that accept nonaggressive and non-interactive protocols.

express-shared

For profiles that accept interactive protocols such as Telnet.

log-traffic

Enable/disable logging.

option

-

Option

Description

enable

Enable logging.

disable

Disable logging.

port

Single port number or port number range for FTP. Only packets with a destination port number that matches this port number or range are accepted by this profile.

integer

Minimum value: 1 Maximum value: 65535

config tcp

Parameter name

Description

Type

Size

status

Enable/disable HTTP WAN Optimization.

option

-

Option

Description

enable

Enable HTTP WAN Optimization.

disable

Disable HTTP WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

-

Option

Description

enable

Enable SSL-secured tunnelling.

disable

Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

-

Option

Description

enable

Enable HTTP byte-caching.

disable

Disable HTTP byte-caching.

byte-caching-opt

Select whether TCP byte-caching uses system memory only or both memory and disk space.

option

-

Option

Description

mem-only

Byte caching with memory only.

mem-disk

Byte caching with memory and disk.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

-

Option

Description

private

For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.

shared

For profiles that accept nonaggressive and non-interactive protocols.

express-shared

For profiles that accept interactive protocols such as Telnet.

log-traffic

Enable/disable logging.

option

-

Option

Description

enable

Enable logging.

disable

Disable logging.

port

Single port number or port number range for TCP. Only packets with a destination port number that matches this port number or range are accepted by this profile.

user

Not Specified

ssl

Enable/disable SSL/TLS offloading.

option

-

Option

Description

enable

Enable SSL/TLS offloading.

disable

Disable SSL/TLS offloading.

ssl-port

Port on which to expect HTTPS traffic for SSL/TLS offloading.

integer

Minimum value: 1 Maximum value: 65535

config wanopt profile

Configure WAN optimization profiles.

config wanopt profile

Description: Configure WAN optimization profiles.

edit <name>

set transparent [enable|disable]

set comments {var-string}

set auth-group {string}

config http

Description: Enable/disable HTTP WAN Optimization and configure HTTP WAN Optimization features.

set status [enable|disable]

set secure-tunnel [enable|disable]

set byte-caching [enable|disable]

set prefer-chunking [dynamic|fix]

set tunnel-sharing [private|shared|...]

set log-traffic [enable|disable]

set port {integer}

set ssl [enable|disable]

set ssl-port {integer}

set unknown-http-version [reject|tunnel|...]

set tunnel-non-http [enable|disable]

end

config cifs

Description: Enable/disable CIFS (Windows sharing) WAN Optimization and configure CIFS WAN Optimization features.

set status [enable|disable]

set secure-tunnel [enable|disable]

set byte-caching [enable|disable]

set prefer-chunking [dynamic|fix]

set tunnel-sharing [private|shared|...]

set log-traffic [enable|disable]

set port {integer}

end

config mapi

Description: Enable/disable MAPI email WAN Optimization and configure MAPI WAN Optimization features.

set status [enable|disable]

set secure-tunnel [enable|disable]

set byte-caching [enable|disable]

set tunnel-sharing [private|shared|...]

set log-traffic [enable|disable]

set port {integer}

end

config ftp

Description: Enable/disable FTP WAN Optimization and configure FTP WAN Optimization features.

set status [enable|disable]

set secure-tunnel [enable|disable]

set byte-caching [enable|disable]

set prefer-chunking [dynamic|fix]

set tunnel-sharing [private|shared|...]

set log-traffic [enable|disable]

set port {integer}

end

config tcp

Description: Enable/disable TCP WAN Optimization and configure TCP WAN Optimization features.

set status [enable|disable]

set secure-tunnel [enable|disable]

set byte-caching [enable|disable]

set byte-caching-opt [mem-only|mem-disk]

set tunnel-sharing [private|shared|...]

set log-traffic [enable|disable]

set port {user}

set ssl [enable|disable]

set ssl-port {integer}

end

next

end

config wanopt profile

Parameter name

Description

Type

Size

transparent

Enable/disable transparent mode.

option

-

Option

Description

enable

Determine if WAN Optimization changes client packet source addresses. Affects the routing configuration on the server network.

disable

Disable transparent mode. Client packets source addresses are changed to the source address of the FortiGate internal interface. Similar to source NAT.

comments

Comment.

var-string

Maximum length: 255

auth-group

Optionally add an authentication group to restrict access to the WAN Optimization tunnel to peers in the authentication group.

string

Maximum length: 35

config http

Parameter name

Description

Type

Size

status

Enable/disable HTTP WAN Optimization.

option

-

Option

Description

enable

Enable HTTP WAN Optimization.

disable

Disable HTTP WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

-

Option

Description

enable

Enable SSL-secured tunnelling.

disable

Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

-

Option

Description

enable

Enable HTTP byte-caching.

disable

Disable HTTP byte-caching.

prefer-chunking

Select dynamic or fixed-size data chunking for HTTP WAN Optimization.

option

-

Option

Description

dynamic

Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.

fix

Select fixed data chunking.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

-

Option

Description

private

For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.

shared

For profiles that accept nonaggressive and non-interactive protocols.

express-shared

For profiles that accept interactive protocols such as Telnet.

log-traffic

Enable/disable logging.

option

-

Option

Description

enable

Enable logging.

disable

Disable logging.

port

Single port number or port number range for HTTP. Only packets with a destination port number that matches this port number or range are accepted by this profile.

integer

Minimum value: 1 Maximum value: 65535

ssl

Enable/disable SSL/TLS offloading (hardware acceleration) for HTTPS traffic in this tunnel.

option

-

Option

Description

enable

Enable SSL/TLS offloading.

disable

Disable SSL/TLS offloading.

ssl-port

Port on which to expect HTTPS traffic for SSL/TLS offloading.

integer

Minimum value: 1 Maximum value: 65535

unknown-http-version

How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1.

option

-

Option

Description

reject

Reject or tear down HTTP sessions that do not use HTTP 0.9, 1.0, or 1.1.

tunnel

Pass HTTP traffic that does not use HTTP 0.9, 1.0, or 1.1 without applying HTTP protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.

best-effort

Assume all HTTP sessions comply with HTTP 0.9, 1.0, or 1.1. If a session uses a different HTTP version, it may not parse correctly and the connection may be lost.

tunnel-non-http

Configure how to process non-HTTP traffic when a profile configured for HTTP traffic accepts a non-HTTP session. Can occur if an application sends non-HTTP traffic using an HTTP destination port.

option

-

Option

Description

enable

Pass non-HTTP sessions through the tunnel without applying protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.

disable

Drop or tear down non-HTTP sessions accepted by the profile.

config cifs

Parameter name

Description

Type

Size

status

Enable/disable HTTP WAN Optimization.

option

-

Option

Description

enable

Enable HTTP WAN Optimization.

disable

Disable HTTP WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

-

Option

Description

enable

Enable SSL-secured tunnelling.

disable

Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

-

Option

Description

enable

Enable HTTP byte-caching.

disable

Disable HTTP byte-caching.

prefer-chunking

Select dynamic or fixed-size data chunking for HTTP WAN Optimization.

option

-

Option

Description

dynamic

Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.

fix

Select fixed data chunking.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

-

Option

Description

private

For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.

shared

For profiles that accept nonaggressive and non-interactive protocols.

express-shared

For profiles that accept interactive protocols such as Telnet.

log-traffic

Enable/disable logging.

option

-

Option

Description

enable

Enable logging.

disable

Disable logging.

port

Single port number or port number range for CIFS. Only packets with a destination port number that matches this port number or range are accepted by this profile.

integer

Minimum value: 1 Maximum value: 65535

config mapi

Parameter name

Description

Type

Size

status

Enable/disable HTTP WAN Optimization.

option

-

Option

Description

enable

Enable HTTP WAN Optimization.

disable

Disable HTTP WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

-

Option

Description

enable

Enable SSL-secured tunnelling.

disable

Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

-

Option

Description

enable

Enable HTTP byte-caching.

disable

Disable HTTP byte-caching.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

-

Option

Description

private

For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.

shared

For profiles that accept nonaggressive and non-interactive protocols.

express-shared

For profiles that accept interactive protocols such as Telnet.

log-traffic

Enable/disable logging.

option

-

Option

Description

enable

Enable logging.

disable

Disable logging.

port

Single port number or port number range for MAPI. Only packets with a destination port number that matches this port number or range are accepted by this profile.

integer

Minimum value: 1 Maximum value: 65535

config ftp

Parameter name

Description

Type

Size

status

Enable/disable HTTP WAN Optimization.

option

-

Option

Description

enable

Enable HTTP WAN Optimization.

disable

Disable HTTP WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

-

Option

Description

enable

Enable SSL-secured tunnelling.

disable

Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

-

Option

Description

enable

Enable HTTP byte-caching.

disable

Disable HTTP byte-caching.

prefer-chunking

Select dynamic or fixed-size data chunking for HTTP WAN Optimization.

option

-

Option

Description

dynamic

Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.

fix

Select fixed data chunking.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

-

Option

Description

private

For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.

shared

For profiles that accept nonaggressive and non-interactive protocols.

express-shared

For profiles that accept interactive protocols such as Telnet.

log-traffic

Enable/disable logging.

option

-

Option

Description

enable

Enable logging.

disable

Disable logging.

port

Single port number or port number range for FTP. Only packets with a destination port number that matches this port number or range are accepted by this profile.

integer

Minimum value: 1 Maximum value: 65535

config tcp

Parameter name

Description

Type

Size

status

Enable/disable HTTP WAN Optimization.

option

-

Option

Description

enable

Enable HTTP WAN Optimization.

disable

Disable HTTP WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

-

Option

Description

enable

Enable SSL-secured tunnelling.

disable

Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

-

Option

Description

enable

Enable HTTP byte-caching.

disable

Disable HTTP byte-caching.

byte-caching-opt

Select whether TCP byte-caching uses system memory only or both memory and disk space.

option

-

Option

Description

mem-only

Byte caching with memory only.

mem-disk

Byte caching with memory and disk.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

-

Option

Description

private

For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.

shared

For profiles that accept nonaggressive and non-interactive protocols.

express-shared

For profiles that accept interactive protocols such as Telnet.

log-traffic

Enable/disable logging.

option

-

Option

Description

enable

Enable logging.

disable

Disable logging.

port

Single port number or port number range for TCP. Only packets with a destination port number that matches this port number or range are accepted by this profile.

user

Not Specified

ssl

Enable/disable SSL/TLS offloading.

option

-

Option

Description

enable

Enable SSL/TLS offloading.

disable

Disable SSL/TLS offloading.

ssl-port

Port on which to expect HTTPS traffic for SSL/TLS offloading.

integer

Minimum value: 1 Maximum value: 65535