Recently I learned that wan opt feature only works with fw policies that don't include any utm features... I also learned that this behaviour should change with an upcoming fortios release...
So I just wanna know if I still have to work with 2 vdoms to really use the wan opt feature with MR3?
Has anyone gotten this to work yet? I have a new 1240b, and it's not yet in production, so I went up to MR3 to try to get this. I can either Enable Web Cache in the policy OR use UTM for web filtering, but appears that I still can't do both. I'm playing with it today to try to get it to work, but didn't know if anyone else had it working.
On a side note - I'm not opposed to doing 2 VDOM's to enable this - but since I have only one internal (10.x.x.x) port and one external (ISP) port in use, I don't see how I can do 2 VDOM's, since the documentation states each vdom needs at least 2 interfaces to be useful. Or maybe I'm not understanding something basic. I just want a device to use as a proxy cache and web filter, nothing fancier than that.
Never mind - I figured it out - I had to follow the steps on page 2277 EXACTLY, in that order, no deviation (I deleted the policy I already had, since just modifying an existing policy didn't work). After I followed those steps, I was able to modify the policy again and include the web filter, so now I see both web caching plus filtering.
We are also using 1240b in an A-A cluster. We have delayed our move to MR3 until there is an update release. We have learned the hard way not to move to a new release too quickly. How do you find it for stability etc. in your environment?
We'll be moving off BorderManager to the Fortigate (single) next month, so I don't have much in the way of real-world testing on this yet. I'm still working on the setup configurations on a separated segment before I move all network to the 1240b, which is when I'm sure I'll have a better idea. However, just in testing alone I had issues with 4.0 MR2 Patch2 (bug with false disk failure), which is another reason why I moved to MR3. But the web cache with UTM filtering on a single VDOM was key for me (since I still don't understand the multiple VDOM thing yet). As for stability, I haven't had it reboot or perform unexpectedly since I put MR3 on.
We are v4 mr2 p7 and it seems to have been remarkably stable. I am also keen on moving to mr3 to resolve the WAN opt issues with UTM policies. Just haven't had time to start looking at separate vdom implementation issues and hate to complicate our environment any more than is necessary.
I had started a ticket with support on this and the engineer I spoke to was surprised that this wasn't working under our release but confirmed that implementation was in mr3, but suggested waiting for the next incremental release as there would be many fixes in it and it would be coming "soon".
Good luck with your migration. We moved from Checkpoint to Fortigate and while there are some things I really miss in the Checkpoint mgmt interface the Fortigate has worked really well for us. We typically push 600-800M of traffic during normal hours.