WAN optimization and web caching
Configuring WAN optimization
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
607
For example, you might have a general WAN optimization rule that applies WAN
optimization features but does not apply secure tunneling to most WAN traffic but you
want to apply secure tunneling to FTP traffic (FTP traffic uses port 21). In this case, you
would add a the rule that creates a secure tunnel for FTP session above the general rule.
Figure 402:Example: secure tunneling for FTP — correct rule order
FTP sessions (using port 21) would immediately match the secure tunnel rule. Other kinds
of services would not match the FTP rule, and so rule evaluation would continue until
reaching the matching general rule. This rule order has the intended effect. But if you
reversed the order of the two rules, positioning the general rule before the FTP rule, all
session, including FTP, would immediately match the general rule, and the rule to secure
FTP would never be applied. This rule order would not have the intended effect.
Figure 403:Example: secure tunneling for FTP — Incorrect rule order
Similarly, if specific traffic requires exceptional WAN optimization rule settings, you would
position those rules above other potential matches in the rule list. Otherwise, the other
matching rules will take precedence, and the required authentication, IPSec VPN, or SSL
VPN might never occur.
Moving a rule to a different position in the rule list
You can arrange the WAN optimization rule list to influence the order in which rules are
evaluated for matches with incoming traffic.
Moving a rule in the rule list does not change its ID, which only indicates the order in which
the rule was created.
Figure 404:Move rule
To move a rule in the WAN optimization rule list
1
Go to
WAN Opt & Cache > Rule
.
2
In the rule list, note the ID of a rule that is before or after your intended destination.
3
In the row corresponding to the rule that you want to move, select the Move To icon.
4
Select Before or After, and enter the ID of the rule that is before or after your intended
destination. This specifies the rule’s new position in the WAN optimization rule list.
5
Select OK.
Exception
General
Exception
General
Summary of Contents for Gate 60D
Page 705: ...www fortinet com...
Page 706: ...www fortinet com...