FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Xav_FTNT
Staff
Staff

Description

When configuring Wan Optimization for CIFS protocol, some additional configuration needs to be applied to a Windows 2003 server in order to fully benefit from Wan Optimization acceleration.


Scope


Solution

In order to fully benefit from CIFS Wan Optimisation, SMB signing needs to be disabled on the Windows server that is sharing the resource.
 
When signing is enabled it will force the FortiGate to wait for a signed response to be sent by the server.  As a consequence the benefits from Wan Optimization will be lost.
 
The following steps can be used to disable SMB signing:
 
1.  Open "Default domain controller security settings".
 
2.  Under "Local policies" -> "Security options", find
  • "Microsoft network server: Digitally sign communications (always)"
  • "Microsoft network server: Digitally sign communications (if client agrees)"
3.  Set both to "disable".
 
4.  Reset CIFS connections by disable/re-enable network interface of server.
 
Additional information on Windows SMB signing configuration can be found at http://support.microsoft.com/kb/887429

 

Contributors