Frequently asked questions about FortiGate WAN optimization
WAN optimization and web caching
FortiGate Version 4.0 Administration Guide
600
01-400-89802-20090424
•
FortiGate-3600A
•
FortiGate-3810A
•
FortiGate-5001A-SW
The 310B, 620B, 3600A, 3016B, 3810A and 5001A-SW must include a
FortiGate-ASM-S08 module or FortiGate-ASM-SAS module or you must configure iSCSI
to support web caching and byte caching.
Q:
What happens if my FortiGate unit doesn’t include the FortiGate-ASM-S08 module or
FortiGate-ASM-SAS module?
A:
You can still configure and use WAN optimization even if the FortiGate unit does not
have a hard disk. If the hard disk is not available WAN optimization can still apply all
features except web caching and byte caching. If you have an iSCSI device on your
network, you can use the CLI to configure WAN optimization to use iSCSI for web caching
and byte caching.
Q:
How does WAN Optimization accept sessions?
A:
WAN optimization uses rules to select traffic to be optimized. But, before WAN
optimization rules can accept traffic, the traffic must be accepted by a FortiGate firewall
policy. All sessions accepted by a firewall policy that also match a WAN optimization rule
are processed by WAN optimization.
Q:
Can you apply protection profiles to WAN optimization traffic?
A:
Within the same VDOM, you cannot apply a protection profile and WAN optimization to
the same communication session. As of FortiOS 4.0, in a single VDOM if a firewall policy
includes a protection profile, all sessions accepted by the policy are processed by the
protection profile and are not processed by WAN optimization. To apply a protection
profile to WAN optimization traffic you can use two VDOMs and an inter-VDOM link (or
two FortiGate units). On the client end of a WAN optimization link, sessions leaving a LAN
should be processed by a protection profile first. Then using the inter-vdom link you can
apply WAN optimization in a second VDOM before sending the session over the WAN
optimization tunnel.
If you want to apply a protection profile to WAN optimized traffic on the server end of a
WAN optimization tunnel before the traffic enters the destination LAN, you also require
two VDOMs. The first VDOM should terminate the WAN optimization tunnel. Then an
inter-VDOM link is required to a second VDOM that applies a protection profile to the
sessions before the sessions are sent to the receiving LAN.
This may be changed in later FortiOS versions.
Q:
Does FortiGate WAN optimization work with other vendor’s WAN optimization or
acceleration features?
A:
No, FortiGate WAN optimization is proprietary to Fortinet. FortiGate WAN optimization
is compatible with FortiClient WAN optimization.
Q:
Can the web cache feature be used for caching HTTPs sessions.
A:
Yes, if you import the correct certificates.
Q:
To use FortiGate WAN optimization or Web caching, do end users need to configure
their web browsers to use the FortiGate unit as a proxy server?
A:
No WAN optimization is transparent to users.
Содержание Gate 60D
Страница 678: ...Reports Log Report FortiGate Version 4 0 Administration Guide 678 01 400 89802 20090424 http docs fortinet com Feedback...
Страница 704: ...Index FortiGate Version 4 0 Administration Guide 704 01 400 89802 20090424 http docs fortinet com Feedback...
Страница 705: ...www fortinet com...
Страница 706: ...www fortinet com...