
Fortigate Traffic Optimization - Network & Security Blog

The document discusses traffic optimization techniques on Fortigate firewalls. It describes how Fortigate can optimize traffic through protocol optimization, byte caching, web caching, and transparent proxy. Protocol optimization improves performance of HTTP, FTP, SNMP and TFTP protocols. Byte caching breaks application data into chunks that are cached and referenced by tokens. Web caching stores HTTP pages, images and more in local cache. Transparent proxy allows users to be unaware of Fortigate optimization occurring.

Uploaded by

SAGALOG
Copyright
© Attribution Non-Commercial (BY-NC)


Fortigate Traffic Optimization


March 24th, 2012 Daniel


Fortigate is capable of Traffic Optimization, isn't that cool? The following are the things that can affect Network and Application Performance:
1. Bandwidth
2. Latency
3. Throughput
4. Congestion
5. Packet Loss

The Fortinet Firewall is capable of dealing with all of them by using WAN Optimization Techniques:
1. Protocol Optimization
2. Byte Caching
3. Web Caching
4. Transparent proxy

1. Protocol Optimization
It's an application technique to improve the performance of HTTP, CIFS, FTP, MAPI and TCP protocol traffic. I guess you know all of them except CIFS. This is the Common Internet File System protocol, which provides file access, recording, change notification etc.

2. Byte Caching
The Fortigate Firewall can break large units of application data into small chunks of data, labeling each with a hash, and stores the chunks and hashes in a dictionary file. It assigns a token to each chunk and then sends the dictionary to the other Fortigates.

If the chunks and hash are recognized, it sends the token (the dictionary must be the same on both sides).

3. Web Caching
This technique is also known as HTTP proxying. It stores the HTML pages, images and more on the local HDD. There are 3 modes of Web caching:
a. Non-transparent forward proxy caching
b. Transparent forward proxy caching: if you use this, please keep in mind that the Fortigate must be placed near the network gateways
c. Transparent reverse proxy caching: this is a method to reduce the load on a busy web server by using a web cache server between the server and the Internet.

4. Transparent proxy
The users are not aware of the Fortigate. The clients communicate with the server the same way as without the WAN optimization; the WAN optimization is also compatible with Identity-Based firewall policies.

Keep in mind that all the firewall policies are applied before the WAN optimization policies/rules are applied. So if you block the traffic, it will not get optimized, of course.

There are 2 types of WAN optimization rules:
1. Active-Passive Mode
2. Peer-to-Peer Mode

1. Active-Passive Mode
The Fortigate firewalls on both ends of the WAN optimization tunnel operate in a kind of client-server configuration. The sessions are originated on the client Fortigate and are terminated on the passive Fortigate firewall. The remote peer uses auto-detection through a TCP option as a discovery mechanism to locate any peers on the path to the server.

2. Peer-to-Peer Mode
In this mode, both peers have peer lists that include the names and IP addresses of the Fortigate devices. Both Fortinet firewalls should have matching rules.

General HINTS about Fortigate Firewall WAN Optimization

1. Keep in mind that Peer-to-Peer WAN optimization tunnels use port 7810. So if you have another firewall in front, do not forget to OPEN that port.
2. Only one protocol can be selected in a WAN optimization rule. So you have one rule for each protocol. Example: Rule 1 for HTTP traffic.
3. Firewall traffic shaping (Quality of Service) is compatible only with client/server (active-passive) transparent mode. For the rest of the modes, the optimization techniques are ignored.
4. If the firewall policy includes a threat management profile, the packet is processed by the profile and not by WAN optimization. To apply WAN optimization to traffic that is accepted by a firewall policy containing a threat management profile, multiple firewall units or multiple Fortigate VDOMs (http://www.ipspace.eu/fortinet/fortigate/fortigate-vdoms/) must be used; to do this you must apply the threat management profile in the first FG unit or VDOM and apply WAN optimization in the second Fortigate unit or VDOM.
5. SSL is also capable of being optimized by using the Web Caching optimization techniques. The Fortinet firewall caches HTTPS web pages.
6. Fortigate is also capable of WCCP (Web Cache Communication Protocol). You can check this article about Fortigate WCCP.

If you have any questions please let me know.