Technical Tip: Enable web cache in IPv4 policy
Description
This article describes how to enable web cache in IPv4 policy for HTTPS.
Scope
FortiGate.
Solution
To enable web cache and web cache-https in the IPv4 policy, make sure that the policy is in proxy-based mode and deep-inspection is enabled in the policy.
Run the commands below afterwards.
config firewall policy
edit <policyID>
set webcache enable
set webcahche-https enable
end
edit <policyID>
set webcache enable
set webcahche-https enable
end
To verify if the caching is happening, the following command can be used.
diagnose wad webcache list
<period> 10min | hour | day | 30days.
Impact of enabling web cache:
- It can reduce response times for frequently accessed URLs by storing content locally on the FortiGate.
- Enabling caching will increase disk usage on the FortiGate as cached content is stored locally. The impact on disk usage depends on the volume of traffic and the size of the cached content. It is advisable to monitor disk usage.
- While caching can improve response times, it may also increase CPU and memory usage on the FortiGate. It is recommended to monitor the system resources of the firewall to ensure they remain within acceptable limits.
Note: Starting FortiOS v7.4.4, this feature is not supported anymore on FortiGate models with 2GB RAM or less, since Proxy-related features are not supported on FortiGate 2GB RAM models to enhance performance and optimize memory usage. See: Proxy-related features not supported on FortiGate 2 GB RAM models NEW for more info.