Fortinet black logo

CLI Reference

config wanopt profile

config wanopt profile

Configure WAN optimization profiles.

config wanopt profile

Description: Configure WAN optimization profiles.

edit <name>

set transparent [enable|disable]

set comments {var-string}

set auth-group {string}

config http

Description: Enable/disable HTTP WAN Optimization and configure HTTP WAN Optimization features.

set status [enable|disable]

set secure-tunnel [enable|disable]

set byte-caching [enable|disable]

set ssl [enable|disable]

set prefer-chunking [dynamic|fix]

set protocol-opt [protocol|tcp]

set tunnel-sharing [shared|express-shared|...]

set log-traffic [enable|disable]

end

config cifs

Description: Enable/disable CIFS (Windows sharing) WAN Optimization and configure CIFS WAN Optimization features.

set status [enable|disable]

set secure-tunnel [enable|disable]

set byte-caching [enable|disable]

set prefer-chunking [dynamic|fix]

set protocol-opt [protocol|tcp]

set tunnel-sharing [shared|express-shared|...]

set log-traffic [enable|disable]

end

config mapi

Description: Enable/disable MAPI email WAN Optimization and configure MAPI WAN Optimization features.

set status [enable|disable]

set secure-tunnel [enable|disable]

set byte-caching [enable|disable]

set tunnel-sharing [shared|express-shared|...]

set log-traffic [enable|disable]

end

config ftp

Description: Enable/disable FTP WAN Optimization and configure FTP WAN Optimization features.

set status [enable|disable]

set secure-tunnel [enable|disable]

set byte-caching [enable|disable]

set ssl [enable|disable]

set prefer-chunking [dynamic|fix]

set protocol-opt [protocol|tcp]

set tunnel-sharing [shared|express-shared|...]

set log-traffic [enable|disable]

end

config tcp

Description: Enable/disable TCP WAN Optimization and configure TCP WAN Optimization features.

set status [enable|disable]

set secure-tunnel [enable|disable]

set byte-caching [enable|disable]

set byte-caching-opt [mem-only|mem-disk]

set tunnel-sharing [shared|express-shared|...]

set log-traffic [enable|disable]

set port {user}

set ssl [enable|disable]

set ssl-port {user}

end

next

end

config wanopt profile

Parameter name

Description

Type

Size

transparent

Enable/disable transparent mode.

option

-

Option

Description

enable

Determine if WAN Optimization changes client packet source addresses. Affects the routing configuration on the server network.

disable

Disable transparent mode. Client packets source addresses are changed to the source address of the FortiGate internal interface. Similar to source NAT.

comments

Comment.

var-string

Maximum length: 255

auth-group

Optionally add an authentication group to restrict access to the WAN Optimization tunnel to peers in the authentication group.

string

Maximum length: 35

config http

Parameter name

Description

Type

Size

status

Enable/disable WAN Optimization.

option

-

Option

Description

enable

Enable WAN Optimization.

disable

Disable WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

-

Option

Description

enable

Enable SSL-secured tunnelling.

disable

Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

-

Option

Description

enable

Enable byte-caching.

disable

Disable byte-caching.

ssl

Enable/disable SSL/TLS offloading (hardware acceleration) for traffic in this tunnel.

option

-

Option

Description

enable

Enable SSL/TLS offloading.

disable

Disable SSL/TLS offloading.

prefer-chunking

Select dynamic or fixed-size data chunking for WAN Optimization.

option

-

Option

Description

dynamic

Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.

fix

Select fixed data chunking.

protocol-opt

Select Protocol specific optimitation or generic TCP optimization.

option

-

Option

Description

protocol

Using protocol-specific optimization.

tcp

Using generic TCP optimization.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

-

Option

Description

shared

For profiles that accept nonaggressive and non-interactive protocols.

express-shared

For profiles that accept interactive protocols such as Telnet.

private

For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.

log-traffic

Enable/disable logging.

option

-

Option

Description

enable

Enable logging.

disable

Disable logging.

config cifs

Parameter name

Description

Type

Size

status

Enable/disable WAN Optimization.

option

-

Option

Description

enable

Enable WAN Optimization.

disable

Disable WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

-

Option

Description

enable

Enable SSL-secured tunnelling.

disable

Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

-

Option

Description

enable

Enable byte-caching.

disable

Disable byte-caching.

prefer-chunking

Select dynamic or fixed-size data chunking for WAN Optimization.

option

-

Option

Description

dynamic

Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.

fix

Select fixed data chunking.

protocol-opt

Select Protocol specific optimitation or generic TCP optimization.

option

-

Option

Description

protocol

Using protocol-specific optimization.

tcp

Using generic TCP optimization.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

-

Option

Description

shared

For profiles that accept nonaggressive and non-interactive protocols.

express-shared

For profiles that accept interactive protocols such as Telnet.

private

For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.

log-traffic

Enable/disable logging.

option

-

Option

Description

enable

Enable logging.

disable

Disable logging.

config mapi

Parameter name

Description

Type

Size

status

Enable/disable WAN Optimization.

option

-

Option

Description

enable

Enable WAN Optimization.

disable

Disable WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

-

Option

Description

enable

Enable SSL-secured tunnelling.

disable

Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

-

Option

Description

enable

Enable byte-caching.

disable

Disable byte-caching.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

-

Option

Description

shared

For profiles that accept nonaggressive and non-interactive protocols.

express-shared

For profiles that accept interactive protocols such as Telnet.

private

For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.

log-traffic

Enable/disable logging.

option

-

Option

Description

enable

Enable logging.

disable

Disable logging.

config ftp

Parameter name

Description

Type

Size

status

Enable/disable WAN Optimization.

option

-

Option

Description

enable

Enable WAN Optimization.

disable

Disable WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

-

Option

Description

enable

Enable SSL-secured tunnelling.

disable

Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

-

Option

Description

enable

Enable byte-caching.

disable

Disable byte-caching.

ssl

Enable/disable SSL/TLS offloading (hardware acceleration) for traffic in this tunnel.

option

-

Option

Description

enable

Enable SSL/TLS offloading.

disable

Disable SSL/TLS offloading.

prefer-chunking

Select dynamic or fixed-size data chunking for WAN Optimization.

option

-

Option

Description

dynamic

Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.

fix

Select fixed data chunking.

protocol-opt

Select Protocol specific optimitation or generic TCP optimization.

option

-

Option

Description

protocol

Using protocol-specific optimization.

tcp

Using generic TCP optimization.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

-

Option

Description

shared

For profiles that accept nonaggressive and non-interactive protocols.

express-shared

For profiles that accept interactive protocols such as Telnet.

private

For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.

log-traffic

Enable/disable logging.

option

-

Option

Description

enable

Enable logging.

disable

Disable logging.

config tcp

Parameter name

Description

Type

Size

status

Enable/disable WAN Optimization.

option

-

Option

Description

enable

Enable WAN Optimization.

disable

Disable WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

-

Option

Description

enable

Enable SSL-secured tunnelling.

disable

Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

-

Option

Description

enable

Enable byte-caching.

disable

Disable byte-caching.

byte-caching-opt

Select whether TCP byte-caching uses system memory only or both memory and disk space.

option

-

Option

Description

mem-only

Byte caching with memory only.

mem-disk

Byte caching with memory and disk.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

-

Option

Description

shared

For profiles that accept nonaggressive and non-interactive protocols.

express-shared

For profiles that accept interactive protocols such as Telnet.

private

For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.

log-traffic

Enable/disable logging.

option

-

Option

Description

enable

Enable logging.

disable

Disable logging.

port

Port numbers or port number ranges for TCP. Only packets with a destination port number that matches this port number or range are accepted by this profile.

user

Not Specified

ssl

Enable/disable SSL/TLS offloading (hardware acceleration) for traffic in this tunnel.

option

-

Option

Description

enable

Enable SSL/TLS offloading.

disable

Disable SSL/TLS offloading.

ssl-port

Port numbers or port number ranges on which to expect HTTPS traffic for SSL/TLS offloading.

user

Not Specified

config wanopt profile

Configure WAN optimization profiles.

config wanopt profile

Description: Configure WAN optimization profiles.

edit <name>

set transparent [enable|disable]

set comments {var-string}

set auth-group {string}

config http

Description: Enable/disable HTTP WAN Optimization and configure HTTP WAN Optimization features.

set status [enable|disable]

set secure-tunnel [enable|disable]

set byte-caching [enable|disable]

set ssl [enable|disable]

set prefer-chunking [dynamic|fix]

set protocol-opt [protocol|tcp]

set tunnel-sharing [shared|express-shared|...]

set log-traffic [enable|disable]

end

config cifs

Description: Enable/disable CIFS (Windows sharing) WAN Optimization and configure CIFS WAN Optimization features.

set status [enable|disable]

set secure-tunnel [enable|disable]

set byte-caching [enable|disable]

set prefer-chunking [dynamic|fix]

set protocol-opt [protocol|tcp]

set tunnel-sharing [shared|express-shared|...]

set log-traffic [enable|disable]

end

config mapi

Description: Enable/disable MAPI email WAN Optimization and configure MAPI WAN Optimization features.

set status [enable|disable]

set secure-tunnel [enable|disable]

set byte-caching [enable|disable]

set tunnel-sharing [shared|express-shared|...]

set log-traffic [enable|disable]

end

config ftp

Description: Enable/disable FTP WAN Optimization and configure FTP WAN Optimization features.

set status [enable|disable]

set secure-tunnel [enable|disable]

set byte-caching [enable|disable]

set ssl [enable|disable]

set prefer-chunking [dynamic|fix]

set protocol-opt [protocol|tcp]

set tunnel-sharing [shared|express-shared|...]

set log-traffic [enable|disable]

end

config tcp

Description: Enable/disable TCP WAN Optimization and configure TCP WAN Optimization features.

set status [enable|disable]

set secure-tunnel [enable|disable]

set byte-caching [enable|disable]

set byte-caching-opt [mem-only|mem-disk]

set tunnel-sharing [shared|express-shared|...]

set log-traffic [enable|disable]

set port {user}

set ssl [enable|disable]

set ssl-port {user}

end

next

end

config wanopt profile

Parameter name

Description

Type

Size

transparent

Enable/disable transparent mode.

option

-

Option

Description

enable

Determine if WAN Optimization changes client packet source addresses. Affects the routing configuration on the server network.

disable

Disable transparent mode. Client packets source addresses are changed to the source address of the FortiGate internal interface. Similar to source NAT.

comments

Comment.

var-string

Maximum length: 255

auth-group

Optionally add an authentication group to restrict access to the WAN Optimization tunnel to peers in the authentication group.

string

Maximum length: 35

config http

Parameter name

Description

Type

Size

status

Enable/disable WAN Optimization.

option

-

Option

Description

enable

Enable WAN Optimization.

disable

Disable WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

-

Option

Description

enable

Enable SSL-secured tunnelling.

disable

Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

-

Option

Description

enable

Enable byte-caching.

disable

Disable byte-caching.

ssl

Enable/disable SSL/TLS offloading (hardware acceleration) for traffic in this tunnel.

option

-

Option

Description

enable

Enable SSL/TLS offloading.

disable

Disable SSL/TLS offloading.

prefer-chunking

Select dynamic or fixed-size data chunking for WAN Optimization.

option

-

Option

Description

dynamic

Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.

fix

Select fixed data chunking.

protocol-opt

Select Protocol specific optimitation or generic TCP optimization.

option

-

Option

Description

protocol

Using protocol-specific optimization.

tcp

Using generic TCP optimization.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

-

Option

Description

shared

For profiles that accept nonaggressive and non-interactive protocols.

express-shared

For profiles that accept interactive protocols such as Telnet.

private

For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.

log-traffic

Enable/disable logging.

option

-

Option

Description

enable

Enable logging.

disable

Disable logging.

config cifs

Parameter name

Description

Type

Size

status

Enable/disable WAN Optimization.

option

-

Option

Description

enable

Enable WAN Optimization.

disable

Disable WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

-

Option

Description

enable

Enable SSL-secured tunnelling.

disable

Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

-

Option

Description

enable

Enable byte-caching.

disable

Disable byte-caching.

prefer-chunking

Select dynamic or fixed-size data chunking for WAN Optimization.

option

-

Option

Description

dynamic

Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.

fix

Select fixed data chunking.

protocol-opt

Select Protocol specific optimitation or generic TCP optimization.

option

-

Option

Description

protocol

Using protocol-specific optimization.

tcp

Using generic TCP optimization.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

-

Option

Description

shared

For profiles that accept nonaggressive and non-interactive protocols.

express-shared

For profiles that accept interactive protocols such as Telnet.

private

For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.

log-traffic

Enable/disable logging.

option

-

Option

Description

enable

Enable logging.

disable

Disable logging.

config mapi

Parameter name

Description

Type

Size

status

Enable/disable WAN Optimization.

option

-

Option

Description

enable

Enable WAN Optimization.

disable

Disable WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

-

Option

Description

enable

Enable SSL-secured tunnelling.

disable

Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

-

Option

Description

enable

Enable byte-caching.

disable

Disable byte-caching.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

-

Option

Description

shared

For profiles that accept nonaggressive and non-interactive protocols.

express-shared

For profiles that accept interactive protocols such as Telnet.

private

For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.

log-traffic

Enable/disable logging.

option

-

Option

Description

enable

Enable logging.

disable

Disable logging.

config ftp

Parameter name

Description

Type

Size

status

Enable/disable WAN Optimization.

option

-

Option

Description

enable

Enable WAN Optimization.

disable

Disable WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

-

Option

Description

enable

Enable SSL-secured tunnelling.

disable

Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

-

Option

Description

enable

Enable byte-caching.

disable

Disable byte-caching.

ssl

Enable/disable SSL/TLS offloading (hardware acceleration) for traffic in this tunnel.

option

-

Option

Description

enable

Enable SSL/TLS offloading.

disable

Disable SSL/TLS offloading.

prefer-chunking

Select dynamic or fixed-size data chunking for WAN Optimization.

option

-

Option

Description

dynamic

Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.

fix

Select fixed data chunking.

protocol-opt

Select Protocol specific optimitation or generic TCP optimization.

option

-

Option

Description

protocol

Using protocol-specific optimization.

tcp

Using generic TCP optimization.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

-

Option

Description

shared

For profiles that accept nonaggressive and non-interactive protocols.

express-shared

For profiles that accept interactive protocols such as Telnet.

private

For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.

log-traffic

Enable/disable logging.

option

-

Option

Description

enable

Enable logging.

disable

Disable logging.

config tcp

Parameter name

Description

Type

Size

status

Enable/disable WAN Optimization.

option

-

Option

Description

enable

Enable WAN Optimization.

disable

Disable WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

-

Option

Description

enable

Enable SSL-secured tunnelling.

disable

Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

-

Option

Description

enable

Enable byte-caching.

disable

Disable byte-caching.

byte-caching-opt

Select whether TCP byte-caching uses system memory only or both memory and disk space.

option

-

Option

Description

mem-only

Byte caching with memory only.

mem-disk

Byte caching with memory and disk.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

-

Option

Description

shared

For profiles that accept nonaggressive and non-interactive protocols.

express-shared

For profiles that accept interactive protocols such as Telnet.

private

For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.

log-traffic

Enable/disable logging.

option

-

Option

Description

enable

Enable logging.

disable

Disable logging.

port

Port numbers or port number ranges for TCP. Only packets with a destination port number that matches this port number or range are accepted by this profile.

user

Not Specified

ssl

Enable/disable SSL/TLS offloading (hardware acceleration) for traffic in this tunnel.

option

-

Option

Description

enable

Enable SSL/TLS offloading.

disable

Disable SSL/TLS offloading.

ssl-port

Port numbers or port number ranges on which to expect HTTPS traffic for SSL/TLS offloading.

user

Not Specified