config wanopt profile

This command is available for model(s): FortiGate 1000D, FortiGate 100D, FortiGate 101E, FortiGate 101F, FortiGate 1101E, FortiGate 1200D, FortiGate 140D-POE, FortiGate 140D, FortiGate 1500DT, FortiGate 1500D, FortiGate 2000E, FortiGate 201E, FortiGate 2201E, FortiGate 2500E, FortiGate 3000D, FortiGate 301E, FortiGate 3100D, FortiGate 3200D, FortiGate 3301E, FortiGate 3401E, FortiGate 3601E, FortiGate 3700D, FortiGate 3800D, FortiGate 3810D, FortiGate 3815D, FortiGate 401E, FortiGate 5001D, FortiGate 5001E1, FortiGate 500D, FortiGate 501E, FortiGate 51E, FortiGate 52E, FortiGate 600D, FortiGate 601E, FortiGate 61E, FortiGate 61F, FortiGate 800D, FortiGate 81E-POE, FortiGate 81E, FortiGate 81F-POE, FortiGate 81F, FortiGate 900D, FortiGate 91E, FortiGate 92D, FortiGate VM64, FortiWiFi 51E, FortiWiFi 61E, FortiWiFi 61F, FortiWiFi 81F 2R-POE, FortiWiFi 81F 2R.

It is not available for: FortiGate 100EF, FortiGate 100E, FortiGate 100F, FortiGate 1100E, FortiGate 140E-POE, FortiGate 140E, FortiGate 200E, FortiGate 2200E, FortiGate 300E, FortiGate 30E 3G4G GBL, FortiGate 30E 3G4G INTL, FortiGate 30E 3G4G NAM, FortiGate 30E, FortiGate 3300E, FortiGate 3400E, FortiGate 3600E, FortiGate 3960E, FortiGate 3980E, FortiGate 400D, FortiGate 400E Bypass, FortiGate 400E, FortiGate 40F 3G4G, FortiGate 40F, FortiGate 5001E, FortiGate 500E, FortiGate 50E, FortiGate 600E, FortiGate 60E DSL, FortiGate 60E-POE, FortiGate 60E, FortiGate 60F, FortiGate 80E-POE, FortiGate 80E, FortiGate 80F Bypass, FortiGate 80F-POE, FortiGate 80F, FortiGate 90E, FortiGateRugged 30D, FortiGateRugged 60F 3G4G, FortiGateRugged 60F, FortiGateRugged 90D, FortiWiFi 30E 3G4G INTL, FortiWiFi 30E 3G4G NAM, FortiWiFi 30E, FortiWiFi 40F 3G4G, FortiWiFi 40F, FortiWiFi 50E 2R, FortiWiFi 50E, FortiWiFi 60E DSL, FortiWiFi 60E, FortiWiFi 80F 2R.

Configure WAN optimization profiles.

config wanopt profile
    Description: Configure WAN optimization profiles.
    edit <name>
        set auth-group {string}
        config cifs
            Description: Enable/disable CIFS (Windows sharing) WAN Optimization and configure CIFS WAN Optimization features.
            set status [enable|disable]
            set secure-tunnel [enable|disable]
            set byte-caching [enable|disable]
            set prefer-chunking [dynamic|fix]
            set tunnel-sharing [private|shared|...]
            set log-traffic [enable|disable]
            set port {integer}
        end
        set comments {var-string}
        config ftp
            Description: Enable/disable FTP WAN Optimization and configure FTP WAN Optimization features.
            set status [enable|disable]
            set secure-tunnel [enable|disable]
            set byte-caching [enable|disable]
            set prefer-chunking [dynamic|fix]
            set tunnel-sharing [private|shared|...]
            set log-traffic [enable|disable]
            set port {integer}
        end
        config http
            Description: Enable/disable HTTP WAN Optimization and configure HTTP WAN Optimization features.
            set status [enable|disable]
            set secure-tunnel [enable|disable]
            set byte-caching [enable|disable]
            set prefer-chunking [dynamic|fix]
            set tunnel-sharing [private|shared|...]
            set log-traffic [enable|disable]
            set port {integer}
            set ssl [enable|disable]
            set ssl-port {integer}
            set unknown-http-version [reject|tunnel|...]
            set tunnel-non-http [enable|disable]
        end
        config mapi
            Description: Enable/disable MAPI email WAN Optimization and configure MAPI WAN Optimization features.
            set status [enable|disable]
            set secure-tunnel [enable|disable]
            set byte-caching [enable|disable]
            set tunnel-sharing [private|shared|...]
            set log-traffic [enable|disable]
            set port {integer}
        end
        config tcp
            Description: Enable/disable TCP WAN Optimization and configure TCP WAN Optimization features.
            set status [enable|disable]
            set secure-tunnel [enable|disable]
            set byte-caching [enable|disable]
            set byte-caching-opt [mem-only|mem-disk]
            set tunnel-sharing [private|shared|...]
            set log-traffic [enable|disable]
            set port {user}
            set ssl [enable|disable]
            set ssl-port {integer}
        end
        set transparent [enable|disable]
    next
end

config wanopt profile

Parameter

Description

Type

Size

auth-group

Optionally add an authentication group to restrict access to the WAN Optimization tunnel to peers in the authentication group.

string

Maximum length: 35

comments

Comment.

var-string

Maximum length: 255

name

Profile name.

string

Maximum length: 35

transparent

Enable/disable transparent mode.

option

Option	Description
enable	Determine if WAN Optimization changes client packet source addresses. Affects the routing configuration on the server network.
disable	Disable transparent mode. Client packets source addresses are changed to the source address of the FortiGate internal interface. Similar to source NAT.

config cifs

Parameter

Description

Type

Size

status

Enable/disable HTTP WAN Optimization.

option

Option	Description
enable	Enable HTTP WAN Optimization.
disable	Disable HTTP WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

Option	Description
enable	Enable SSL-secured tunnelling.
disable	Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

Option	Description
enable	Enable HTTP byte-caching.
disable	Disable HTTP byte-caching.

prefer-chunking

Select dynamic or fixed-size data chunking for HTTP WAN Optimization.

option

Option	Description
dynamic	Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.
fix	Select fixed data chunking.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

Option	Description
private	For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
shared	For profiles that accept nonaggressive and non-interactive protocols.
express-shared	For profiles that accept interactive protocols such as Telnet.

log-traffic

Enable/disable logging.

option

Option	Description
enable	Enable logging.
disable	Disable logging.

port

Single port number or port number range for CIFS. Only packets with a destination port number that matches this port number or range are accepted by this profile.

integer

Minimum value: 1 Maximum value: 65535

config ftp

Parameter

Description

Type

Size

status

Enable/disable HTTP WAN Optimization.

option

Option	Description
enable	Enable HTTP WAN Optimization.
disable	Disable HTTP WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

Option	Description
enable	Enable SSL-secured tunnelling.
disable	Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

Option	Description
enable	Enable HTTP byte-caching.
disable	Disable HTTP byte-caching.

prefer-chunking

Select dynamic or fixed-size data chunking for HTTP WAN Optimization.

option

Option	Description
dynamic	Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.
fix	Select fixed data chunking.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

Option	Description
private	For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
shared	For profiles that accept nonaggressive and non-interactive protocols.
express-shared	For profiles that accept interactive protocols such as Telnet.

log-traffic

Enable/disable logging.

option

Option	Description
enable	Enable logging.
disable	Disable logging.

port

Single port number or port number range for FTP. Only packets with a destination port number that matches this port number or range are accepted by this profile.

integer

Minimum value: 1 Maximum value: 65535

config http

Parameter

Description

Type

Size

status

Enable/disable HTTP WAN Optimization.

option

Option	Description
enable	Enable HTTP WAN Optimization.
disable	Disable HTTP WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

Option	Description
enable	Enable SSL-secured tunnelling.
disable	Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

Option	Description
enable	Enable HTTP byte-caching.
disable	Disable HTTP byte-caching.

prefer-chunking

Select dynamic or fixed-size data chunking for HTTP WAN Optimization.

option

Option	Description
dynamic	Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.
fix	Select fixed data chunking.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

Option	Description
private	For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
shared	For profiles that accept nonaggressive and non-interactive protocols.
express-shared	For profiles that accept interactive protocols such as Telnet.

log-traffic

Enable/disable logging.

option

Option	Description
enable	Enable logging.
disable	Disable logging.

port

Single port number or port number range for HTTP. Only packets with a destination port number that matches this port number or range are accepted by this profile.

integer

Minimum value: 1 Maximum value: 65535

ssl

Enable/disable SSL/TLS offloading (hardware acceleration) for HTTPS traffic in this tunnel.

option

Option	Description
enable	Enable SSL/TLS offloading.
disable	Disable SSL/TLS offloading.

ssl-port

Port on which to expect HTTPS traffic for SSL/TLS offloading.

integer

Minimum value: 1 Maximum value: 65535

unknown-http-version

How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1.

option

Option	Description
reject	Reject or tear down HTTP sessions that do not use HTTP 0.9, 1.0, or 1.1.
tunnel	Pass HTTP traffic that does not use HTTP 0.9, 1.0, or 1.1 without applying HTTP protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.
best-effort	Assume all HTTP sessions comply with HTTP 0.9, 1.0, or 1.1. If a session uses a different HTTP version, it may not parse correctly and the connection may be lost.

tunnel-non-http

Configure how to process non-HTTP traffic when a profile configured for HTTP traffic accepts a non-HTTP session. Can occur if an application sends non-HTTP traffic using an HTTP destination port.

option

Option	Description
enable	Pass non-HTTP sessions through the tunnel without applying protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.
disable	Drop or tear down non-HTTP sessions accepted by the profile.

config mapi

Parameter

Description

Type

Size

status

Enable/disable HTTP WAN Optimization.

option

Option	Description
enable	Enable HTTP WAN Optimization.
disable	Disable HTTP WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

Option	Description
enable	Enable SSL-secured tunnelling.
disable	Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

Option	Description
enable	Enable HTTP byte-caching.
disable	Disable HTTP byte-caching.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

Option	Description
private	For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
shared	For profiles that accept nonaggressive and non-interactive protocols.
express-shared	For profiles that accept interactive protocols such as Telnet.

log-traffic

Enable/disable logging.

option

Option	Description
enable	Enable logging.
disable	Disable logging.

port

Single port number or port number range for MAPI. Only packets with a destination port number that matches this port number or range are accepted by this profile.

integer

Minimum value: 1 Maximum value: 65535

config tcp

Parameter

Description

Type

Size

status

Enable/disable HTTP WAN Optimization.

option

Option	Description
enable	Enable HTTP WAN Optimization.
disable	Disable HTTP WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

Option	Description
enable	Enable SSL-secured tunnelling.
disable	Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

Option	Description
enable	Enable HTTP byte-caching.
disable	Disable HTTP byte-caching.

byte-caching-opt

Select whether TCP byte-caching uses system memory only or both memory and disk space.

option

Option	Description
mem-only	Byte caching with memory only.
mem-disk	Byte caching with memory and disk.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

Option	Description
private	For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
shared	For profiles that accept nonaggressive and non-interactive protocols.
express-shared	For profiles that accept interactive protocols such as Telnet.

log-traffic

Enable/disable logging.

option

Option	Description
enable	Enable logging.
disable	Disable logging.

port

Single port number or port number range for TCP. Only packets with a destination port number that matches this port number or range are accepted by this profile.

user

Not Specified

ssl

Enable/disable SSL/TLS offloading.

option

Option	Description
enable	Enable SSL/TLS offloading.
disable	Disable SSL/TLS offloading.

ssl-port

Port on which to expect HTTPS traffic for SSL/TLS offloading.

integer

Minimum value: 1 Maximum value: 65535

config wanopt profile

Configure WAN optimization profiles.

config wanopt profile
    Description: Configure WAN optimization profiles.
    edit <name>
        set auth-group {string}
        config cifs
            Description: Enable/disable CIFS (Windows sharing) WAN Optimization and configure CIFS WAN Optimization features.
            set status [enable|disable]
            set secure-tunnel [enable|disable]
            set byte-caching [enable|disable]
            set prefer-chunking [dynamic|fix]
            set tunnel-sharing [private|shared|...]
            set log-traffic [enable|disable]
            set port {integer}
        end
        set comments {var-string}
        config ftp
            Description: Enable/disable FTP WAN Optimization and configure FTP WAN Optimization features.
            set status [enable|disable]
            set secure-tunnel [enable|disable]
            set byte-caching [enable|disable]
            set prefer-chunking [dynamic|fix]
            set tunnel-sharing [private|shared|...]
            set log-traffic [enable|disable]
            set port {integer}
        end
        config http
            Description: Enable/disable HTTP WAN Optimization and configure HTTP WAN Optimization features.
            set status [enable|disable]
            set secure-tunnel [enable|disable]
            set byte-caching [enable|disable]
            set prefer-chunking [dynamic|fix]
            set tunnel-sharing [private|shared|...]
            set log-traffic [enable|disable]
            set port {integer}
            set ssl [enable|disable]
            set ssl-port {integer}
            set unknown-http-version [reject|tunnel|...]
            set tunnel-non-http [enable|disable]
        end
        config mapi
            Description: Enable/disable MAPI email WAN Optimization and configure MAPI WAN Optimization features.
            set status [enable|disable]
            set secure-tunnel [enable|disable]
            set byte-caching [enable|disable]
            set tunnel-sharing [private|shared|...]
            set log-traffic [enable|disable]
            set port {integer}
        end
        config tcp
            Description: Enable/disable TCP WAN Optimization and configure TCP WAN Optimization features.
            set status [enable|disable]
            set secure-tunnel [enable|disable]
            set byte-caching [enable|disable]
            set byte-caching-opt [mem-only|mem-disk]
            set tunnel-sharing [private|shared|...]
            set log-traffic [enable|disable]
            set port {user}
            set ssl [enable|disable]
            set ssl-port {integer}
        end
        set transparent [enable|disable]
    next
end

config wanopt profile

Parameter

Description

Type

Size

auth-group

Optionally add an authentication group to restrict access to the WAN Optimization tunnel to peers in the authentication group.

string

Maximum length: 35

comments

Comment.

var-string

Maximum length: 255

name

Profile name.

string

Maximum length: 35

transparent

Enable/disable transparent mode.

option

Option	Description
enable	Determine if WAN Optimization changes client packet source addresses. Affects the routing configuration on the server network.
disable	Disable transparent mode. Client packets source addresses are changed to the source address of the FortiGate internal interface. Similar to source NAT.

config cifs

Parameter

Description

Type

Size

status

Enable/disable HTTP WAN Optimization.

option

Option	Description
enable	Enable HTTP WAN Optimization.
disable	Disable HTTP WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

Option	Description
enable	Enable SSL-secured tunnelling.
disable	Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

Option	Description
enable	Enable HTTP byte-caching.
disable	Disable HTTP byte-caching.

prefer-chunking

Select dynamic or fixed-size data chunking for HTTP WAN Optimization.

option

Option	Description
dynamic	Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.
fix	Select fixed data chunking.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

Option	Description
private	For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
shared	For profiles that accept nonaggressive and non-interactive protocols.
express-shared	For profiles that accept interactive protocols such as Telnet.

log-traffic

Enable/disable logging.

option

Option	Description
enable	Enable logging.
disable	Disable logging.

port

Single port number or port number range for CIFS. Only packets with a destination port number that matches this port number or range are accepted by this profile.

integer

Minimum value: 1 Maximum value: 65535

config ftp

Parameter

Description

Type

Size

status

Enable/disable HTTP WAN Optimization.

option

Option	Description
enable	Enable HTTP WAN Optimization.
disable	Disable HTTP WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

Option	Description
enable	Enable SSL-secured tunnelling.
disable	Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

Option	Description
enable	Enable HTTP byte-caching.
disable	Disable HTTP byte-caching.

prefer-chunking

Select dynamic or fixed-size data chunking for HTTP WAN Optimization.

option

Option	Description
dynamic	Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.
fix	Select fixed data chunking.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

Option	Description
private	For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
shared	For profiles that accept nonaggressive and non-interactive protocols.
express-shared	For profiles that accept interactive protocols such as Telnet.

log-traffic

Enable/disable logging.

option

Option	Description
enable	Enable logging.
disable	Disable logging.

port

Single port number or port number range for FTP. Only packets with a destination port number that matches this port number or range are accepted by this profile.

integer

Minimum value: 1 Maximum value: 65535

config http

Parameter

Description

Type

Size

status

Enable/disable HTTP WAN Optimization.

option

Option	Description
enable	Enable HTTP WAN Optimization.
disable	Disable HTTP WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

Option	Description
enable	Enable SSL-secured tunnelling.
disable	Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

Option	Description
enable	Enable HTTP byte-caching.
disable	Disable HTTP byte-caching.

prefer-chunking

Select dynamic or fixed-size data chunking for HTTP WAN Optimization.

option

Option	Description
dynamic	Select dynamic data chunking to help to detect persistent data chunks in a changed file or in an embedded unknown protocol.
fix	Select fixed data chunking.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

Option	Description
private	For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
shared	For profiles that accept nonaggressive and non-interactive protocols.
express-shared	For profiles that accept interactive protocols such as Telnet.

log-traffic

Enable/disable logging.

option

Option	Description
enable	Enable logging.
disable	Disable logging.

port

Single port number or port number range for HTTP. Only packets with a destination port number that matches this port number or range are accepted by this profile.

integer

Minimum value: 1 Maximum value: 65535

ssl

Enable/disable SSL/TLS offloading (hardware acceleration) for HTTPS traffic in this tunnel.

option

Option	Description
enable	Enable SSL/TLS offloading.
disable	Disable SSL/TLS offloading.

ssl-port

Port on which to expect HTTPS traffic for SSL/TLS offloading.

integer

Minimum value: 1 Maximum value: 65535

unknown-http-version

How to handle HTTP sessions that do not comply with HTTP 0.9, 1.0, or 1.1.

option

Option	Description
reject	Reject or tear down HTTP sessions that do not use HTTP 0.9, 1.0, or 1.1.
tunnel	Pass HTTP traffic that does not use HTTP 0.9, 1.0, or 1.1 without applying HTTP protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.
best-effort	Assume all HTTP sessions comply with HTTP 0.9, 1.0, or 1.1. If a session uses a different HTTP version, it may not parse correctly and the connection may be lost.

tunnel-non-http

Configure how to process non-HTTP traffic when a profile configured for HTTP traffic accepts a non-HTTP session. Can occur if an application sends non-HTTP traffic using an HTTP destination port.

option

Option	Description
enable	Pass non-HTTP sessions through the tunnel without applying protocol optimization, byte-caching, or web caching. TCP protocol optimization is applied.
disable	Drop or tear down non-HTTP sessions accepted by the profile.

config mapi

Parameter

Description

Type

Size

status

Enable/disable HTTP WAN Optimization.

option

Option	Description
enable	Enable HTTP WAN Optimization.
disable	Disable HTTP WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

Option	Description
enable	Enable SSL-secured tunnelling.
disable	Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

Option	Description
enable	Enable HTTP byte-caching.
disable	Disable HTTP byte-caching.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

Option	Description
private	For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
shared	For profiles that accept nonaggressive and non-interactive protocols.
express-shared	For profiles that accept interactive protocols such as Telnet.

log-traffic

Enable/disable logging.

option

Option	Description
enable	Enable logging.
disable	Disable logging.

port

Single port number or port number range for MAPI. Only packets with a destination port number that matches this port number or range are accepted by this profile.

integer

Minimum value: 1 Maximum value: 65535

config tcp

Parameter

Description

Type

Size

status

Enable/disable HTTP WAN Optimization.

option

Option	Description
enable	Enable HTTP WAN Optimization.
disable	Disable HTTP WAN Optimization.

secure-tunnel

Enable/disable securing the WAN Opt tunnel using SSL. Secure and non-secure tunnels use the same TCP port (7810).

option

Option	Description
enable	Enable SSL-secured tunnelling.
disable	Disable SSL-secured tunnelling.

byte-caching

Enable/disable byte-caching for HTTP. Byte caching reduces the amount of traffic by caching file data sent across the WAN and in future serving if from the cache.

option

Option	Description
enable	Enable HTTP byte-caching.
disable	Disable HTTP byte-caching.

byte-caching-opt

Select whether TCP byte-caching uses system memory only or both memory and disk space.

option

Option	Description
mem-only	Byte caching with memory only.
mem-disk	Byte caching with memory and disk.

tunnel-sharing

Tunnel sharing mode for aggressive/non-aggressive and/or interactive/non-interactive protocols.

option

Option	Description
private	For profiles that accept aggressive protocols such as HTTP and FTP so that these aggressive protocols do not share tunnels with less-aggressive protocols.
shared	For profiles that accept nonaggressive and non-interactive protocols.
express-shared	For profiles that accept interactive protocols such as Telnet.

log-traffic

Enable/disable logging.

option

Option	Description
enable	Enable logging.
disable	Disable logging.

port

Single port number or port number range for TCP. Only packets with a destination port number that matches this port number or range are accepted by this profile.

user

Not Specified

ssl

Enable/disable SSL/TLS offloading.

option

Option	Description
enable	Enable SSL/TLS offloading.
disable	Disable SSL/TLS offloading.

ssl-port

Port on which to expect HTTPS traffic for SSL/TLS offloading.

integer

Minimum value: 1 Maximum value: 65535

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

CLI Reference

config wanopt profile

config wanopt profile

config wanopt profile

config cifs

config ftp

config http

config mapi

config tcp

config wanopt profile

config wanopt profile

config wanopt profile

config cifs

config ftp