Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

Configure WAN optimization profiles.

  config wanopt profile
      Description: Configure WAN optimization profiles.
      edit <name>
          set transparent [enable|disable]
          set comments {var-string}
          set auth-group {string}
          config http
              Description: Enable/disable HTTP WAN Optimization and configure HTTP WAN Optimization features.
              set status [enable|disable]
              set secure-tunnel [enable|disable]
              set byte-caching [enable|disable]
              set ssl [enable|disable]
              set prefer-chunking [dynamic|fix]
              set protocol-opt [protocol|tcp]
              set tunnel-sharing [shared|express-shared|...]
              set log-traffic [enable|disable]
          end
          config cifs
              Description: Enable/disable CIFS (Windows sharing) WAN Optimization and configure CIFS WAN Optimization features.
              set status [enable|disable]
              set secure-tunnel [enable|disable]
              set byte-caching [enable|disable]
              set prefer-chunking [dynamic|fix]
              set protocol-opt [protocol|tcp]
              set tunnel-sharing [shared|express-shared|...]
              set log-traffic [enable|disable]
          end
          config mapi
              Description: Enable/disable MAPI email WAN Optimization and configure MAPI WAN Optimization features.
              set status [enable|disable]
              set secure-tunnel [enable|disable]
              set byte-caching [enable|disable]
              set tunnel-sharing [shared|express-shared|...]
              set log-traffic [enable|disable]
          end
          config ftp
              Description: Enable/disable FTP WAN Optimization and configure FTP WAN Optimization features.
              set status [enable|disable]
              set secure-tunnel [enable|disable]
              set byte-caching [enable|disable]
              set ssl [enable|disable]
              set prefer-chunking [dynamic|fix]
              set protocol-opt [protocol|tcp]
              set tunnel-sharing [shared|express-shared|...]
              set log-traffic [enable|disable]
          end
          config tcp
              Description: Enable/disable TCP WAN Optimization and configure TCP WAN Optimization features.
              set status [enable|disable]
              set secure-tunnel [enable|disable]
              set byte-caching [enable|disable]
              set byte-caching-opt [mem-only|mem-disk]
              set tunnel-sharing [shared|express-shared|...]
              set log-traffic [enable|disable]
              set port {user}
              set ssl [enable|disable]
              set ssl-port {user}
          end
      next
  end

config wanopt profile

Parameter Name Description Type Size
transparent Enable/disable transparent mode.
enable: Determine if WAN Optimization changes client packet source addresses. Affects the routing configuration on the server network.
disable: Disable transparent mode. Client packets source addresses are changed to the source address of the FortiGate internal interface. Similar to source NAT.
option -
comments Comment. var-string Maximum length: 255
auth-group Optionally add an authentication group to restrict access to the WAN Optimization tunnel to peers in the authentication group. string Maximum length: 35

config http

Parameter Name Description Type Size
status Enable/disable WAN Optimization.
enable: Enable WAN Optimization.
disable: Disable WAN Optimization.
option -
secure-tunnel Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).
enable: Enable SSL-secured tunnelling.
disable: Disable SSL-secured tunnelling.
option -
byte-caching Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.
enable: Enable byte-caching.
disable: Disable byte-caching.
option -
ssl Enable/disable SSL/TLS offloading (hardware acceleration) for traffic in this tunnel.
enable: Enable SSL/TLS offloading.
disable: Disable SSL/TLS offloading.
option -
prefer-chunking Select dynamic or fixed-size data chunking for WAN Optimization.
dynamic: Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.
fix: Select fixed data chunking.
option -
protocol-opt Select Protocol specific optimitation or generic TCP optimization.
protocol: Using protocol-specific optimization.
tcp: Using generic TCP optimization.
option -
tunnel-sharing Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.
shared: For profiles that accept nonaggressive and non-interactive protocols.
express-shared: For profiles that accept interactive protocols such as Telnet.
private: For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
option -
log-traffic Enable/disable logging.
enable: Enable logging.
disable: Disable logging.
option -

config cifs

Parameter Name Description Type Size
status Enable/disable WAN Optimization.
enable: Enable WAN Optimization.
disable: Disable WAN Optimization.
option -
secure-tunnel Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).
enable: Enable SSL-secured tunnelling.
disable: Disable SSL-secured tunnelling.
option -
byte-caching Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.
enable: Enable byte-caching.
disable: Disable byte-caching.
option -
prefer-chunking Select dynamic or fixed-size data chunking for WAN Optimization.
dynamic: Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.
fix: Select fixed data chunking.
option -
protocol-opt Select Protocol specific optimitation or generic TCP optimization.
protocol: Using protocol-specific optimization.
tcp: Using generic TCP optimization.
option -
tunnel-sharing Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.
shared: For profiles that accept nonaggressive and non-interactive protocols.
express-shared: For profiles that accept interactive protocols such as Telnet.
private: For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
option -
log-traffic Enable/disable logging.
enable: Enable logging.
disable: Disable logging.
option -

config mapi

Parameter Name Description Type Size
status Enable/disable WAN Optimization.
enable: Enable WAN Optimization.
disable: Disable WAN Optimization.
option -
secure-tunnel Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).
enable: Enable SSL-secured tunnelling.
disable: Disable SSL-secured tunnelling.
option -
byte-caching Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.
enable: Enable byte-caching.
disable: Disable byte-caching.
option -
tunnel-sharing Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.
shared: For profiles that accept nonaggressive and non-interactive protocols.
express-shared: For profiles that accept interactive protocols such as Telnet.
private: For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
option -
log-traffic Enable/disable logging.
enable: Enable logging.
disable: Disable logging.
option -

config ftp

Parameter Name Description Type Size
status Enable/disable WAN Optimization.
enable: Enable WAN Optimization.
disable: Disable WAN Optimization.
option -
secure-tunnel Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).
enable: Enable SSL-secured tunnelling.
disable: Disable SSL-secured tunnelling.
option -
byte-caching Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.
enable: Enable byte-caching.
disable: Disable byte-caching.
option -
ssl Enable/disable SSL/TLS offloading (hardware acceleration) for traffic in this tunnel.
enable: Enable SSL/TLS offloading.
disable: Disable SSL/TLS offloading.
option -
prefer-chunking Select dynamic or fixed-size data chunking for WAN Optimization.
dynamic: Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.
fix: Select fixed data chunking.
option -
protocol-opt Select Protocol specific optimitation or generic TCP optimization.
protocol: Using protocol-specific optimization.
tcp: Using generic TCP optimization.
option -
tunnel-sharing Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.
shared: For profiles that accept nonaggressive and non-interactive protocols.
express-shared: For profiles that accept interactive protocols such as Telnet.
private: For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
option -
log-traffic Enable/disable logging.
enable: Enable logging.
disable: Disable logging.
option -

config tcp

Parameter Name Description Type Size
status Enable/disable WAN Optimization.
enable: Enable WAN Optimization.
disable: Disable WAN Optimization.
option -
secure-tunnel Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).
enable: Enable SSL-secured tunnelling.
disable: Disable SSL-secured tunnelling.
option -
byte-caching Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.
enable: Enable byte-caching.
disable: Disable byte-caching.
option -
byte-caching-opt Select whether TCP byte-caching uses system memory only or both memory and disk space.
mem-only: Byte caching with memory only.
mem-disk: Byte caching with memory and disk.
option -
tunnel-sharing Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.
shared: For profiles that accept nonaggressive and non-interactive protocols.
express-shared: For profiles that accept interactive protocols such as Telnet.
private: For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
option -
log-traffic Enable/disable logging.
enable: Enable logging.
disable: Disable logging.
option -
port Port numbers or port number ranges for TCP. Only packets with a destination port number that matches this port number or range are accepted by this profile. user Not Specified
ssl Enable/disable SSL/TLS offloading (hardware acceleration) for traffic in this tunnel.
enable: Enable SSL/TLS offloading.
disable: Disable SSL/TLS offloading.
option -
ssl-port Port numbers or port number ranges on which to expect HTTPS traffic for SSL/TLS offloading. user Not Specified

Configure WAN optimization profiles.

  config wanopt profile
      Description: Configure WAN optimization profiles.
      edit <name>
          set transparent [enable|disable]
          set comments {var-string}
          set auth-group {string}
          config http
              Description: Enable/disable HTTP WAN Optimization and configure HTTP WAN Optimization features.
              set status [enable|disable]
              set secure-tunnel [enable|disable]
              set byte-caching [enable|disable]
              set ssl [enable|disable]
              set prefer-chunking [dynamic|fix]
              set protocol-opt [protocol|tcp]
              set tunnel-sharing [shared|express-shared|...]
              set log-traffic [enable|disable]
          end
          config cifs
              Description: Enable/disable CIFS (Windows sharing) WAN Optimization and configure CIFS WAN Optimization features.
              set status [enable|disable]
              set secure-tunnel [enable|disable]
              set byte-caching [enable|disable]
              set prefer-chunking [dynamic|fix]
              set protocol-opt [protocol|tcp]
              set tunnel-sharing [shared|express-shared|...]
              set log-traffic [enable|disable]
          end
          config mapi
              Description: Enable/disable MAPI email WAN Optimization and configure MAPI WAN Optimization features.
              set status [enable|disable]
              set secure-tunnel [enable|disable]
              set byte-caching [enable|disable]
              set tunnel-sharing [shared|express-shared|...]
              set log-traffic [enable|disable]
          end
          config ftp
              Description: Enable/disable FTP WAN Optimization and configure FTP WAN Optimization features.
              set status [enable|disable]
              set secure-tunnel [enable|disable]
              set byte-caching [enable|disable]
              set ssl [enable|disable]
              set prefer-chunking [dynamic|fix]
              set protocol-opt [protocol|tcp]
              set tunnel-sharing [shared|express-shared|...]
              set log-traffic [enable|disable]
          end
          config tcp
              Description: Enable/disable TCP WAN Optimization and configure TCP WAN Optimization features.
              set status [enable|disable]
              set secure-tunnel [enable|disable]
              set byte-caching [enable|disable]
              set byte-caching-opt [mem-only|mem-disk]
              set tunnel-sharing [shared|express-shared|...]
              set log-traffic [enable|disable]
              set port {user}
              set ssl [enable|disable]
              set ssl-port {user}
          end
      next
  end

config wanopt profile

Parameter Name Description Type Size
transparent Enable/disable transparent mode.
enable: Determine if WAN Optimization changes client packet source addresses. Affects the routing configuration on the server network.
disable: Disable transparent mode. Client packets source addresses are changed to the source address of the FortiGate internal interface. Similar to source NAT.
option -
comments Comment. var-string Maximum length: 255
auth-group Optionally add an authentication group to restrict access to the WAN Optimization tunnel to peers in the authentication group. string Maximum length: 35

config http

Parameter Name Description Type Size
status Enable/disable WAN Optimization.
enable: Enable WAN Optimization.
disable: Disable WAN Optimization.
option -
secure-tunnel Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).
enable: Enable SSL-secured tunnelling.
disable: Disable SSL-secured tunnelling.
option -
byte-caching Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.
enable: Enable byte-caching.
disable: Disable byte-caching.
option -
ssl Enable/disable SSL/TLS offloading (hardware acceleration) for traffic in this tunnel.
enable: Enable SSL/TLS offloading.
disable: Disable SSL/TLS offloading.
option -
prefer-chunking Select dynamic or fixed-size data chunking for WAN Optimization.
dynamic: Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.
fix: Select fixed data chunking.
option -
protocol-opt Select Protocol specific optimitation or generic TCP optimization.
protocol: Using protocol-specific optimization.
tcp: Using generic TCP optimization.
option -
tunnel-sharing Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.
shared: For profiles that accept nonaggressive and non-interactive protocols.
express-shared: For profiles that accept interactive protocols such as Telnet.
private: For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
option -
log-traffic Enable/disable logging.
enable: Enable logging.
disable: Disable logging.
option -

config cifs

Parameter Name Description Type Size
status Enable/disable WAN Optimization.
enable: Enable WAN Optimization.
disable: Disable WAN Optimization.
option -
secure-tunnel Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).
enable: Enable SSL-secured tunnelling.
disable: Disable SSL-secured tunnelling.
option -
byte-caching Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.
enable: Enable byte-caching.
disable: Disable byte-caching.
option -
prefer-chunking Select dynamic or fixed-size data chunking for WAN Optimization.
dynamic: Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.
fix: Select fixed data chunking.
option -
protocol-opt Select Protocol specific optimitation or generic TCP optimization.
protocol: Using protocol-specific optimization.
tcp: Using generic TCP optimization.
option -
tunnel-sharing Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.
shared: For profiles that accept nonaggressive and non-interactive protocols.
express-shared: For profiles that accept interactive protocols such as Telnet.
private: For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
option -
log-traffic Enable/disable logging.
enable: Enable logging.
disable: Disable logging.
option -

config mapi

Parameter Name Description Type Size
status Enable/disable WAN Optimization.
enable: Enable WAN Optimization.
disable: Disable WAN Optimization.
option -
secure-tunnel Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).
enable: Enable SSL-secured tunnelling.
disable: Disable SSL-secured tunnelling.
option -
byte-caching Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.
enable: Enable byte-caching.
disable: Disable byte-caching.
option -
tunnel-sharing Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.
shared: For profiles that accept nonaggressive and non-interactive protocols.
express-shared: For profiles that accept interactive protocols such as Telnet.
private: For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
option -
log-traffic Enable/disable logging.
enable: Enable logging.
disable: Disable logging.
option -

config ftp

Parameter Name Description Type Size
status Enable/disable WAN Optimization.
enable: Enable WAN Optimization.
disable: Disable WAN Optimization.
option -
secure-tunnel Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).
enable: Enable SSL-secured tunnelling.
disable: Disable SSL-secured tunnelling.
option -
byte-caching Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.
enable: Enable byte-caching.
disable: Disable byte-caching.
option -
ssl Enable/disable SSL/TLS offloading (hardware acceleration) for traffic in this tunnel.
enable: Enable SSL/TLS offloading.
disable: Disable SSL/TLS offloading.
option -
prefer-chunking Select dynamic or fixed-size data chunking for WAN Optimization.
dynamic: Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.
fix: Select fixed data chunking.
option -
protocol-opt Select Protocol specific optimitation or generic TCP optimization.
protocol: Using protocol-specific optimization.
tcp: Using generic TCP optimization.
option -
tunnel-sharing Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.
shared: For profiles that accept nonaggressive and non-interactive protocols.
express-shared: For profiles that accept interactive protocols such as Telnet.
private: For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
option -
log-traffic Enable/disable logging.
enable: Enable logging.
disable: Disable logging.
option -

config tcp

Parameter Name Description Type Size
status Enable/disable WAN Optimization.
enable: Enable WAN Optimization.
disable: Disable WAN Optimization.
option -
secure-tunnel Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).
enable: Enable SSL-secured tunnelling.
disable: Disable SSL-secured tunnelling.
option -
byte-caching Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.
enable: Enable byte-caching.
disable: Disable byte-caching.
option -
byte-caching-opt Select whether TCP byte-caching uses system memory only or both memory and disk space.
mem-only: Byte caching with memory only.
mem-disk: Byte caching with memory and disk.
option -
tunnel-sharing Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.
shared: For profiles that accept nonaggressive and non-interactive protocols.
express-shared: For profiles that accept interactive protocols such as Telnet.
private: For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
option -
log-traffic Enable/disable logging.
enable: Enable logging.
disable: Disable logging.
option -
port Port numbers or port number ranges for TCP. Only packets with a destination port number that matches this port number or range are accepted by this profile. user Not Specified
ssl Enable/disable SSL/TLS offloading (hardware acceleration) for traffic in this tunnel.
enable: Enable SSL/TLS offloading.
disable: Disable SSL/TLS offloading.
option -
ssl-port Port numbers or port number ranges on which to expect HTTPS traffic for SSL/TLS offloading. user Not Specified