Description
The article explains the best practices of WAN Optimization.
Scope
FortiGate.
Solution
Other best practices for utilizing the WAN Optimization feature follow.
Sharing the WAN Opt. tunnel for traffic of the same nature.
WAN optimization tunnel sharing is recommended for similar types of WAN optimization traffic (such as CIFS traffic from different servers).
However, tunnel sharing for different types of traffic is not recommended. For example, aggressive and non-aggressive protocols should not share the same tunnel.
Ordering WAN Opt. rules appropriately:
Ensure that the WAN Optimization rules cover TCP ports 139 and 445 (on the same or two different rules). Also, ensure that Transparent Mode is selected.
Setting correct configuration options for MAPI WAN Opt:
For MAPI WAN Optimization, only specify a rule with TCP port 135 (unless the MAPI control port is configured differently).
Derived data sessions using other random ports will be handled by the CIFS wan-optimization daemon even with only the control port configured.
Testing WAN Opt. in a lab:
Selecting the NAT feature in a security policy does not have any influence on WAN Optimization traffic.
High Availability.
There is no benefit to using active-active mode, so for pure WAN Optimization needs, use active-passive mode.
Authentication with specific peers.
Configure WAN optimization authentication with specific peers. Accepting any peer is not recommended, as this can be less secure.
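One way to check a configuration backup against the peer-authentication recommendation above. This is an added example, not Fortinet code. It assumes the FortiOS `config wanopt auth-group` CLI layout with the `peer-accept` and `peer` settings, and it treats a group with no `peer-accept` line as accepting any peer. The group and peer names are constructed.

```python
# Constructed FortiOS CLI excerpt (sample names and values, not from a real device).
SAMPLE_CONFIG = """
config wanopt auth-group
    edit "ag-open"
        set auth-method psk
        set peer-accept any
    next
    edit "ag-branch"
        set auth-method psk
        set peer-accept one
        set peer "branch-fgt"
    next
    edit "ag-default"
        set auth-method psk
    next
end
"""

def parse_auth_groups(config_text):
    """Return {group: {setting: value}} from the 'config wanopt auth-group' section."""
    groups, section, current = {}, None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            section = line[len("config "):]
        elif line == "end":
            section = None
        elif section != "wanopt auth-group":
            continue
        elif line.startswith("edit "):
            current = line[len("edit "):].strip('"')
            groups[current] = {}
        elif line.startswith("set ") and current is not None:
            key, _, value = line[len("set "):].partition(" ")
            groups[current][key] = value.strip('"')
    return groups

def audit_auth_groups(config_text):
    """List (group, reason) pairs for auth groups that do not pin a specific peer."""
    findings = []
    for name, settings in parse_auth_groups(config_text).items():
        # Assumption: a group with no peer-accept line is treated as 'any'.
        accept = settings.get("peer-accept", "any")
        if accept == "any":
            findings.append((name, "accepts any peer"))
        elif accept == "one" and not settings.get("peer"):
            findings.append((name, "peer-accept is 'one' but no peer is named"))
    return findings

if __name__ == "__main__":
    for group, reason in audit_auth_groups(SAMPLE_CONFIG):
        print(f"{group}: {reason}")
```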
Copyright 2024 Fortinet, Inc. All Rights Reserved.