Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config wanopt settings

Note

This command is available for reference model(s) FortiGate 3000D, FortiGate 501E, FortiGate VM64, FortiWiFi 61F. It is not available for FortiGate 140E-POE.

Configure WAN optimization settings.

config wanopt settings

Description: Configure WAN optimization settings.

set host-id {string}

set tunnel-ssl-algorithm [high|medium|...]

set auto-detect-algorithm [simple|diff-req-resp]

end

config wanopt settings

Parameter

Description

Type

Size

Default

host-id

Local host ID (must also be entered in the remote FortiGate's peer list).

string

Maximum length: 35

default-id

tunnel-ssl-algorithm

Relative strength of encryption algorithms accepted during tunnel negotiation.

option

-

high

 

Option

Description

high

High encryption. Allow only AES and ChaCha.

medium

Medium encryption. Allow AES, ChaCha, 3DES, and RC4.

low

Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.

auto-detect-algorithm

Auto detection algorithms used in tunnel negotiations.

option

-

simple

 

Option

Description

simple

Use the same TCP option value in SYN/SYNACK packets. Backward compatible.

diff-req-resp

Use different TCP option values in SYN/SYNACK packets to avoid false positive detection.

config wanopt settings

Note

This command is available for reference model(s) FortiGate 3000D, FortiGate 501E, FortiGate VM64, FortiWiFi 61F. It is not available for FortiGate 140E-POE.

Configure WAN optimization settings.

config wanopt settings

Description: Configure WAN optimization settings.

set host-id {string}

set tunnel-ssl-algorithm [high|medium|...]

set auto-detect-algorithm [simple|diff-req-resp]

end

config wanopt settings

Parameter

Description

Type

Size

Default

host-id

Local host ID (must also be entered in the remote FortiGate's peer list).

string

Maximum length: 35

default-id

tunnel-ssl-algorithm

Relative strength of encryption algorithms accepted during tunnel negotiation.

option

-

high

 

Option

Description

high

High encryption. Allow only AES and ChaCha.

medium

Medium encryption. Allow AES, ChaCha, 3DES, and RC4.

low

Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.

auto-detect-algorithm

Auto detection algorithms used in tunnel negotiations.

option

-

simple

 

Option

Description

simple

Use the same TCP option value in SYN/SYNACK packets. Backward compatible.

diff-req-resp

Use different TCP option values in SYN/SYNACK packets to avoid false positive detection.