Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Share your WAN Optimization experiences here
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Share your WAN Optimization experiences here
So I finally took the time to try WAN Optimization between two FortiGate' s. Both are 60C' s with 32 GB Class 10 SD cards installed, and 29 GB provisioned for WAN Optimization storage space. There are Windows servers at each site with SMB file shares. I did a rule set on each site to cache traffic requested by client PCs to the servers on each side. I made two rules: one for port 445, which I think was enough, but just in case I also made one for 49152-65535, which is the random port range Server 2008/Vista+ use in conjunction with port 445. The results were fairly immediate and somewhat impressive. Downloading a 30 MB file will take 10 mins the first time, and only ~1 minute the second time - peaking at 2 MB/s file transfer versus maybe 40 KB/s for a non-cached file. However, I do notice increased latency versus before, so I' m reluctant to roll out optimization to the server to server traffic (the servers seem to use 445 for a lot of communication) and to traffic outside of CIFS/SMB.
I do think this has great potential but the Fortinet docs and knowledge base are lacking on examples for site-to-site traffic optimization (e.g., generic TCP optimization mentioned in the " Inside FortiOS" sheet but totally absent in any examples). If people are interested in my rule sets that I got to work I' d be happy to share them, and conversely I' d love to hear from others that have deployed WAN Optimization and where it is benefiting them.
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
20 REPLIES 20
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi veechee
I did my wanopt test last year and expected more benefits than i really got. I also noticed the " added delays" .
what network latency do you have between your two sites?
could you please try the following for me?
1) create an office document (word, excel etc) of any size (e.g.1mb)
2) transfer it twice from local to the remote site -> do you see the caching effect?
3) then on the local site, open the office document and close it again (notice, no " save" was done).
4) transfer it again -> do you still see the caching effect?
thanks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Has anybody seen WAN-opt bake-offs between the other players just how well does fortinet stack up to cisco, riverbed, sliverpeak,etc....?
I' ve personally have not tried any wan-opt outside of the lab, but have use the others mention above. And all has some benefits over fortinet in their approach, methods, reporting, statistics gathering and overall performance & bandwidth savings.
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi guys,
I' m new on this forum so please be gentle.
I' m doing my thesis on wan optimization using Fortinet equipments(Fortigate 51B, version 4.0 MR2).
I' ve managed to see how traffic has been optimized (according to the reduction rate graph in the monitor menu) for all protocols,except 1.MAPI.
TCP,CIFS,FTP,HTTP have been successfully optimized by the equipment except for the MAPI protocol.After 3 days trying to deploy Exchange server(AD,DNS,Outlook) i finally got some MAPI traffic by sending emails(with or without attachments).I' ve managed to send across the link about 30-50MB of MAPI traffic, but there was no wan optimization.Reduction rate 0%.
My test consisted on sending a mail with an attachment and then basically downloading the same attachment several times via Outlook.I' ve used transparent mode and byte caching int the wan rule for the MAPI protocol and used a peer to peer configuration .In my opinion this should' ve resulted in some kind of reduction.
Have any of you managed to obtain any reduction for the MAPI protocol?Some feedback or any kind information regarding this aspect would be very useful.
Thanks a lot
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Same here, i' ve got MAPI hitting the wan opt rule but i' m not getting any reduction.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: MAPI
In Outlook 2007 and 2010 the option exists to encrypt traffic between the Exchange server and the client. Is that enabled? This is just a guess, but I think that the encryption would remove the ability for the Fortigate to optimize any traffic.
kinderu28: What are you experiences with latency when using WAN Optimization on all those protocols?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
before you invest to much time in WanOpt & MAPI, I recommend to open a support ticket and wait for their response
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I' m using Exchange 2003 and Outlook 2003.
@veechee: I haven' t quite used o monitoring tool for measuring latency(haven' t found one yet:) ),although i noticed that http performs quite well if data is cached.It' s a lot faster when downloading a file that was previously cached.However FTP and CIFS don' t seem that faster,but i have to make more tests like:
- 10.000 files of 100 Kbytes
- 10 files of 100Mbytes
- 1 file of 1Gbyte
I will get back to you shortly(1 or 2 day max)
PS:i achieved 98%reduction rate for TCP traffic using jperf.
PS2:i notice that memory usage is quite high(50-60%) and sometimes sends the unit into conserve mode.
PS3:My 2 FortiGates are directly connected via the wan1 interface.I was thinking of creating a routing loop between (3-4 hops) to really simulate a WAN environment
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Maik: for some reason i can' t open a ticket or submit my product. Actually,it is not my product, it belongs to my University, and it could be for teaching/testing purpose only.I don' t know.Both 51-B have the same serial number:FG50BH3G0*******.I' m not sure if i can give away this information,that' s why i haven' t given the full serial.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kinderu28,
Based solely on my personal observations, WAN Optimization on CIFS and the generic TCP optimization, increases the latency, so for example, pulling up a folder is slower, but once I initiate a file transfer if it' s cached it goes faster overall.
I' d definitely recommend you try to simulate slower speed links AND latency, as these bare the things WAN Optimization is supposed to help overcome, and they do not exist in a direct connection situation.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,691 -
FortiClient
1,762 -
5.2
801 -
FortiManager
728 -
5.4
639 -
FortiAnalyzer
558 -
FortiSwitch
475 -
FortiAP
471 -
FortiClient EMS
431 -
6.0
416 -
5.6
362 -
FortiMail
318 -
6.2
251 -
SSL-VPN
245 -
FortiAuthenticator v5.5
234 -
IPsec
208 -
FortiWeb
205 -
5.0
196 -
FortiNAC
189 -
FortiGuard
139 -
6.4
128 -
SD-WAN
115 -
FortiAuthenticator
103 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
96 -
FortiToken
92 -
Firewall policy
82 -
Customer Service
79 -
Wireless Controller
79 -
4.0MR3
64 -
FortiProxy
60 -
High Availability
56 -
FortiADC
54 -
Fortivoice
53 -
FortiEDR
52 -
vlan
51 -
ZTNA
49 -
Routing
46 -
FortiExtender
45 -
FortiSandbox
44 -
DNS
43 -
FortiDNS
42 -
LDAP
41 -
BGP
40 -
Authentication
38 -
FortiGate v5.4
35 -
SAML
35 -
NAT
35 -
FortiSwitch v6.4
34 -
RADIUS
34 -
Certificate
34 -
SSO
33 -
Interface
31 -
VDOM
30 -
FortiConnect
29 -
FortiLink
29 -
FortiWAN
27 -
Web profile
27 -
Application control
26 -
FortiConverter
25 -
Logging
25 -
FortiGate v5.2
24 -
Virtual IP
24 -
SSL SSH inspection
23 -
FortiPAM
22 -
Fortigate Cloud
20 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
FortiMonitor
18 -
Traffic shaping
17 -
WAN optimization
16 -
FortiDDoS
15 -
OSPF
15 -
SSID
15 -
Automation
15 -
FortiGate v5.0
14 -
FortiSOAR
14 -
Static route
14 -
System settings
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
SNMP
13 -
FortiGate-VM
12 -
FortiCASB
12 -
Admin
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
Security profile
11 -
FortiManager v4.0
10 -
IPS signature
10 -
FortiAP profile
10 -
Proxy policy
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
DNS filter
7 -
Antivirus profile
7 -
Fabric connector
7 -
FortiToken Cloud
6 -
Explicit proxy
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
Web rating
6 -
Fortinet Engage Partner Program
6 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
API
4 -
Internet service database
4 -
Application signature
4 -
Authentication rule and scheme
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
TACACS
3 -
SDN connector
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Multicast policy
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1712 | |
| 1093 | |
| 752 | |
| 447 | |
| 231 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.