Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
veechee
New Contributor

Created on ‎05-05-2011 09:42 AM

Share your WAN Optimization experiences here

So I finally took the time to try WAN Optimization between two FortiGate' s. Both are 60C' s with 32 GB Class 10 SD cards installed, and 29 GB provisioned for WAN Optimization storage space. There are Windows servers at each site with SMB file shares. I did a rule set on each site to cache traffic requested by client PCs to the servers on each side. I made two rules: one for port 445, which I think was enough, but just in case I also made one for 49152-65535, which is the random port range Server 2008/Vista+ use in conjunction with port 445. The results were fairly immediate and somewhat impressive. Downloading a 30 MB file will take 10 mins the first time, and only ~1 minute the second time - peaking at 2 MB/s file transfer versus maybe 40 KB/s for a non-cached file. However, I do notice increased latency versus before, so I' m reluctant to roll out optimization to the server to server traffic (the servers seem to use 445 for a lot of communication) and to traffic outside of CIFS/SMB. I do think this has great potential but the Fortinet docs and knowledge base are lacking on examples for site-to-site traffic optimization (e.g., generic TCP optimization mentioned in the " Inside FortiOS" sheet but totally absent in any examples). If people are interested in my rule sets that I got to work I' d be happy to share them, and conversely I' d love to hear from others that have deployed WAN Optimization and where it is benefiting them.
Preview file
145 KB
7310
0 Kudos
20 REPLIES 20
kinderu28
New Contributor

Created on ‎06-17-2011 06:57 AM

@mbrowndcm: That was the link that i used to configure my ipsec and wan optimization.I forgot to mention in my previous post. I' ve managed to set up the wan optimization tunnels,but it seems that it works only for peer-to-peer and not for active-passive(don' t know why) @veechee: my topology is a little weird due to lack of equipment(2 fortigates and 2 computers)Here is a picture of the topology.The green line is how traffic passes from the client to the server , the pink is the ipsec tunnel, red is for the wan ports and the blue and black are for the lan ports. On my server i' m now running a program (countertrace) that receives packets and sends them to user space, where it adds a number of hops(thus increasing latency).Hope this is a good enough wan simulation.Moreover, i' m using smokeping for measuring delays and latency.
Preview file
60 KB
434
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.