I've got web caching set up between a head office FGT-60C and a remote office FWF-60C. The head office unit has a 32 GB Class 10 SD Card. The remote office has the 4 GB SD card. I observe no restrictions based on not having the larger card installed in that unit. Both units are connected by IPSec link using static IPs. Following the documentation, I enabled 'tunnel-sharing' to shared for CIFS rules and to private for HTTP and FTP rules. I am not using SSL or Secure Tunnels on any protocols, but I did use the firmware certificate for authenticating the rules, which worked. I later turned that off and the rules still worked.
All my observations have been done via SSL VPN on both endpoints, and using a Terminal Server inside the head office network (I'm on holidays which is where I found the time to work on this!).
- I have HTTP and FTP traffic successfully caching.
- I had to exclude caching the FGT/FWF management interface itself because when I had the whole IP range set to cache, I could not access the interface. I got a proxy error message. The Fortinet documentation does not mention this!
- CIFS caching I cannot make work. If I enable the rules for CIFS, it breaks my file shares. At first it looks like they work, and I got some reductions reported in the Monitor, but then they break. From then on, with every connection attempt to a share I see it go up by 60-80 bytes, which I assume is some attempt at authenticating, but it fails in Windows. I've tried to cache using both all ports and isolating to 139 and 445, and the results are the same. I guess I need to open a ticket with Fortinet about this.
- Caching over SSL VPN works when pulling resources across the IPSec link. This is a nice feature.