Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ISOffice
Contributor

Web Cache Not Working?

Hi All,

We have a FortiGate 100D Cluster (Active-Active), running Version 5.2.2 Build 642 (GA). We have several IPv4 Policies permitting access to the Internet from several different subnets. On each policy we have Web Cache enabled.

However, when I look at the Cache Monitor in WAN Opt & Cache, I see No Data, indicating that nothing is being cached. Could someone please give me some pointers on what I should look at next to troubleshoot this issue.

 

Many thanks,

 

JP

1 Solution
Dave_Hall
Honored Contributor

Check your cache settings to see if anything is actually allocated to it.  Also check to see if logging to disk is actually active.  See also Web Caching and HA.

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

View solution in original post

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
18 REPLIES 18
Dave_Hall
Honored Contributor

Check your cache settings to see if anything is actually allocated to it.  Also check to see if logging to disk is actually active.  See also Web Caching and HA.

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
ISOffice
Contributor

Hi Dave,

 

Many thanks for your reply. We have had a few little problems following our upgrade to v5.2.2. This particular issue may lie in the fact that we are running the cluster in active-active mode, while the recommended set-up is active-passive. I will change the configuration to the recommended set-up as soon as possible.

However, in the meantime, I can confirm that logging to disk is enabled and that space has been allocated (8.5GB) for WAN Optimization & Web Cache.

I will post any updates.

 

Thanks again,

 

John

Carl_Wallmark
Valued Contributor

I have a FG100D standalone with 5.2.2 and I can´t get the webcache to work as well.

Nothing shows up in the monitor.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
Carl_Wallmark
Valued Contributor

Ok, I found my problem,

 

I had a VIP going from port 80 to 9998 and you need to add a protocol-profile to include the 9998 port for HTTP.

 

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
ISOffice
Contributor

Hi Selective,

 

Many thanks for your input, but I think our issue is caused by something different. On the recommendation of Fortinet, I reformatted the log disk (#execute formatlogdisk), but this did not sort the issue. HTTP traffic still not being cached. Before I start banging my head of a wall, can I verify that all that is required to enable web caching is to turn on the 'Web Cache' option within a IPv4 policy?

 

JP

Carl_Wallmark

ISOffice wrote:

Hi Selective,

 

Many thanks for your input, but I think our issue is caused by something different. On the recommendation of Fortinet, I reformatted the log disk (#execute formatlogdisk), but this did not sort the issue. HTTP traffic still not being cached. Before I start banging my head of a wall, can I verify that all that is required to enable web caching is to turn on the 'Web Cache' option within a IPv4 policy?

 

JP[attachImg]https://forum.fortinet.com/download.axd?file=0;118398&where=message&f=IPv4_Policy.JPG[/attachImg]

Yes, it look good, however you have a service called "Nia-PublicServices", I guess HTTP is included ?

 

You also should allocate disk to webcache, by going to System -> Config -> Advanced and add some disk to webcache.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
ISOffice
Contributor

Hi Selective,

Thanks again for your prompt reply. I can verify that 'NIA-PublicServices' consists of multiple protocols, HTTP, HTTPS, DNS etc. Also under System -> Config -> Advanced we have space allocated for caching. I have a support call open with Fortinet in relation to this. Hopefully they will come up with a solution soon.

JP

Carl_Wallmark
Valued Contributor

I hope you will solve this, and when you do, please share what was wrong ;)

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
ISOffice
Contributor

Will do.

Still finding my way around the FortiGates. They are a good product, we just need to sort out a few minor issues.

JP

Labels
Top Kudoed Authors