
Fortigate Traffic Optimization

March 24th, 2012 Daniel


Fortigate is capable of Traffic Optimization, isn't that cool? The following are the things that can affect the Network and Application Performance:

1. Bandwidth
2. Latency
3. Throughput
4. Congestion
5. Packet Loss

The Fortinet Firewall is capable of dealing with all of them by using WAN Optimization techniques:

1. Protocol Optimization
2. Byte Caching
3. Web Caching
4. Transparent proxy

1. Protocol Optimization
It's an application technique to improve performance of HTTP, CIFS, FTP, MAPI and TCP protocol traffic. I guess you know all of them except CIFS. This is the Common Internet File System protocol - it provides file access, record locking, change notification etc.

2. Byte Caching
The Fortigate Firewall can break large units of application data into small chunks of data, labeling each with a hash, and stores the chunks and hashes in a dictionary file. It assigns a token to each chunk and then it sends the dictionary to the other Fortigates.

If the chunks and hashes are recognized, it sends only the token (the dictionary must be the same on both sides).
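A small model of the byte-caching exchange described above, as an added example that is not Fortinet's code or the original post's. The fixed 64-byte chunks, the truncated SHA-256 token, the `ByteCachePeer` and `transfer_twice` names, and the receiver learning chunks as they arrive (instead of a separate dictionary transfer) are all assumptions made for illustration.

```python
import hashlib

CHUNK_SIZE = 64   # assumption: fixed-size chunks, chosen for readability
TOKEN_BYTES = 8   # assumption: a token is a truncated SHA-256 of the chunk
# Constructed sample payload: four distinct 64-byte chunks (256 bytes).
SAMPLE = b"".join(bytes([65 + n]) * CHUNK_SIZE for n in range(4))

class ByteCachePeer:
    """One end of the tunnel, holding a dictionary of token -> chunk."""
    def __init__(self):
        self.dictionary = {}

    @staticmethod
    def token_for(chunk):
        return hashlib.sha256(chunk).digest()[:TOKEN_BYTES]

    def encode(self, data):
        """Sender: emit a token for known chunks, raw data for new ones."""
        wire = []
        for i in range(0, len(data), CHUNK_SIZE):
            chunk = data[i:i + CHUNK_SIZE]
            token = self.token_for(chunk)
            if token in self.dictionary:
                wire.append(("TOKEN", token))
            else:
                self.dictionary[token] = chunk
                wire.append(("DATA", chunk))
        return wire

    def decode(self, wire):
        """Receiver: learn new chunks, expand tokens from its dictionary."""
        out = bytearray()
        for kind, value in wire:
            if kind == "DATA":
                self.dictionary[self.token_for(value)] = value
                out += value
            elif value in self.dictionary:
                out += self.dictionary[value]
            else:  # dictionaries differ: the token cannot be expanded
                raise KeyError("unknown token " + value.hex())
        return bytes(out)

def transfer_twice(payload=SAMPLE):
    """Bytes on the wire for two transfers of the same payload."""
    tx, rx, sizes = ByteCachePeer(), ByteCachePeer(), []
    for _ in range(2):
        wire = tx.encode(payload)
        assert rx.decode(wire) == payload
        sizes.append(sum(len(v) for _, v in wire))
    return sizes
```

The second transfer carries only tokens, and a receiver whose dictionary lacks those tokens fails to decode, which is why the dictionary must match on both sides.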

3. Web Caching
This technique is also known as HTTP proxying. It stores the HTML pages, images and more on the local HDD. There are 3 modes of Web caching:

a. Non-transparent forward proxy caching
b. Transparent forward proxy caching - if you use this, please keep in mind that the Fortigate must be placed near the network gateways
c. Transparent reverse proxy caching - this is a method to reduce the load on a busy web server by using a web cache server between the server and the Internet.

4. Transparent proxy
The users are not aware of the Fortigate. The clients communicate with the server the same way as without the WAN optimization; the WAN optimization is also compatible with Identity-Based firewall policies.

Keep in mind that all the firewall policies are applied before the WAN optimization policies/rules are applied. So if you block the traffic, it will not get optimized, of course.


There are 2 types of WAN optimization rules:

1. Active-Passive Mode
2. Peer-to-Peer Mode

1. Active Passive Mode
The Fortigate Firewalls on both ends of the WAN optimization tunnel operate in a kind of client-server configuration. The sessions are originated on the client Fortigate and are terminated on the passive Fortigate firewall. The remote peer uses auto-detection through a TCP option as a discovery mechanism to locate any peers on the path to the server.

2. Peer-to-Peer Mode
In this mode, both peers have peer lists that include names and IP addresses of the Fortigate devices. Both Fortinet firewalls should have matching rules.

General HINTS about Fortigate Firewall WAN Optimization

1. Keep in mind that Peer-to-Peer WAN optimization tunnels use port 7810. So if you have another firewall in front, do not forget to OPEN that port.
2. Only one protocol can be selected in a WAN optimization rule. So you have one rule for each protocol. Example: Rule 1 for HTTP traffic.
3. Firewall traffic shaping (Quality of Service) is compatible only with client/server (active-passive) transparent mode. For the rest of the modes, the optimization techniques are ignored.
4. If the firewall policy includes a threat management profile, the packet is processed by the profile and not by WAN optimization. To apply WAN optimization to traffic that is accepted by a firewall policy containing a threat management profile, multiple firewall units or multiple Fortigate VDOMs must be used; to do this you must apply the threat management profile in the first FG unit or VDOM and apply WAN optimization in the second Fortigate unit or VDOM.
5. SSL is also capable of being optimized by using the Web Caching optimization techniques. The Fortinet firewall caches HTTPS web pages.
6. Fortigate is also capable of WCCP - Web Cache Communication Protocol. You can check this article about Fortigate WCCP.

If you have any questions please let me know.
