Overview
The following topics provide an overview on WAN optimization:
Client/server architecture
Traffic across a WAN typically consists of clients on a client network communicating across a WAN with a remote server network. The clients do this by starting communication sessions from the client network across a WAN to the server network. When you have FortiGates on each end, you can optimize these sessions by adding a WAN optimization profile.
To use WAN optimization, the FortiGate units can operate in either NAT or transparent mode. The client-side and server-side FortiGate units do not have to be operating in the same mode. The client-side FortiGate unit is located between the client network and the WAN. The server-side FortiGate unit is located between the server network and the WAN.
WAN optimization profiles are only added to the client-side. The server-side FortiGate unit employs the WAN optimization settings set in the WAN optimization profile on the client-side FortiGate unit. |
Profiles
Use WAN optimization profiles to apply WAN optimization techniques to traffic to be optimized. In a WAN optimization profile you can select the protocols to be optimized and for HTTP protocol. You can also enable SSL offloading (if supported), secure tunneling, byte caching, transparent mode, and optionally select an authentication group. You can edit the default WAN optimization profile or create new ones. See Configuration examples for sample configuration.
Transparent mode |
Servers receiving packets after WAN optimization see different source addresses depending on whether or not you select Transparent Mode. See Transparent mode for more information. |
Authentication group | Select this option and select an authentication group so that the client and server-side FortiGate units must authenticate with each other before starting the WAN optimization tunnel. See Peers and authentication groupsfor more information. |
Protocol | Select CIFS, FTP, HTTP, MAPI or TCP to apply protocol optimization for the selected protocols. See Protocol optimization for more information. |
SSL Offloading |
If you enable this option, you must also enable an SSL profile with ssl deep-inspection in a WAN optimization firewall policy on the client-side and use the CLI command |
SSL Secure Tunneling |
The WAN optimization tunnel is encrypted using SSL encryption. You must also add an authentication group to the profile. See Secure tunneling for more information. |
Byte Caching |
Select to apply WAN optimization byte caching to the sessions accepted by this rule. See Byte caching for more information. |