WAN optimization
Many multi-location enterprise environments reduce costs and consolidate resources by centralizing applications or providing applications in the cloud. Applications that work fine on a local LAN, such as Windows File Sharing (CIFS), email exchange (MAPI), and many others, suffer from bandwidth limitations and latency issues when accessed over a WAN. This results in a loss of productivity and a perceived need for expensive network upgrades. WAN optimization reduces your network overhead and removes unnecessary traffic for a better overall performance experience and eliminates the need for costly WAN link upgrades between data centers and other expensive solutions for your network traffic growth.
FortiOS WAN optimization provides an inexpensive and comprehensive solution that maximizes your WAN performance and provides intelligent bandwidth management and unmatched consolidated security performance.
FortiOS includes license-free WAN optimization on most current FortiGate devices with internal storage that also support SSL offloading.
Features
The following features are available through WAN optimization:
Protocol optimization
Protocol optimization is effective for applications designed for the LAN that do not function well on low bandwidth, high latency networks. See Protocol optimization for more information.
Byte caching
Byte caching improves caching by accelerating the transfer of similar, but not identical content. See Byte caching for more information.
SSL offloading
SSL is used by many organizations to keep WAN communications private. WAN optimization utilizes the SSL offloading capabilities of the FortiGate FortiASIC hardware to accelerate SSL traffic across the WAN. The FortiGate unit handles SSL encryption and decryption for corporate servers providing SSL encrypted connections over the WAN. See SSL Offloading for more information.
WAN optimization and HA
You can configure WAN optimization on a FortiGate HA cluster. See HA for more information.
Secure tunneling
FortiOS WAN optimization supports secure SSL-encrypted tunnels between FortiGate units on the WAN. See Secure tunneling for more information.
Prerequisites
FortiGate WAN optimization is proprietary to Fortinet Inc.. It will not work with other vendors’ WAN optimization or offloading features.
Before you begin to configure WAN optimization, please go through the following steps:
-
To use WAN optimization, your FortiGate unit must support it and not all FortiGate units do. In general, your FortiGate unit must include a hard disk to support these features. See Feature Platform Matrix.
-
If the physical FortiGate has only one hard disk, make sure it is selected for WAN optimization. See Disk usage for more information.
-
For FortiGate-VM, ensure you create two virtual disks besides the boot disk for WAN optimization to work.
-
To be able to configure WAN optimization from the GUI you should begin by going to System > Feature Visibility and turning on WAN Opt. & Cache.
-
If you enable virtual domains (VDOMs) on the FortiGate unit, WAN optimization is available separately for each VDOM.
At this stage, the following installation and configuration conditions are assumed:
-
For WAN optimization you have already successfully installed two or more FortiGate units at various locations across your WAN.
-
You have administrative access to the GUI or CLI.
-
The FortiGate units are integrated into your WAN or other networks.
-
The system time, DNS settings, administrator password, and network interfaces have been configured.
-
Firmware, FortiGuard Antivirus, and FortiGuard Antispam updates are completed.
-
Your Fortinet products have been registered. Register your Fortinet Inc. products at the Fortinet Technical Support website, https://support.fortinet.com.
Disk usage
Both logging and WAN optimization use hard disk space to save data. In FortiOS, you cannot use the same hard disk for both WAN optimization and logging.
-
If the FortiGate has one hard disk, then it can be used for either disk logging or WAN optimization, but not both. By default, the hard disk is used for disk logging.
Only physical FortiGate devices can switch between disk logging and WAN optimization in the case of a single hard disk. FortiGate-VM must have two virtual disks apart from the boot disk for WAN optimization to work.
-
If the FortiGate has two hard disks, then one disk is always used for disk logging and the other disk is always used for WAN optimization.
On the FortiGate, go to System > Settings > Disk Settings to switch between Local Log and WAN Optimization.
You can also change disk usage from the CLI using the following command:
config system storage
edit <name>
set usage {log | wanopt}
set wanopt-mode {mix | wanopt | webcache}
next
end
|
Option |
Description |
|---|---|
wanopt-mode
|
WAN optimization mode:
If only one of the two features is being used, using the applicable recommended mode will give a higher cache capacity and improve performance. |
Enabling WAN optimization affects more than just disk logging. The following table shows other features affected by the FortiGate disk configuration.
|
Feature |
1 hard disk |
2 hard disks |
|---|---|---|
| Logging | Not supported |
Supported |
| Report/Historical FortiView | Not supported |
Supported |
| Firewall Packet Capture (Policy Capture and Interface Capture) | Not supported |
Supported |
| AV Quarantine | Not supported |
Supported |
| IPS Packet Capture | Not supported |
Supported |
| DLP Archive | Not supported |
Supported |
| Sandbox DB & Results | FortiSandbox database and results are also stored on disk, but will not be affected by this feature. | |
| Remote Logging | Remote logging (including logging to FortiAnalyzer and Syslog servers) is not affected by this features. | |
|
Changing the disk setting formats the disk, erases current data stored on the disk, and disables either disk logging or WAN optimization. |
The following sections provide information about WAN optimization: