Inside FortiOS WAN Optimization

Inside FortiOS WAN Optimization
WAN Optimization
Enterprises deploying FortiOS to protect traffic between locations or via the cloud can
leverage WAN optimization to provide fast and secure application responses.
Centralize without compromising your WAN performance
Many multi-location enterprise environments reduce costs and consolidate resources by centralizing applications
or providing applications in the cloud. Efficient and high-speed communication between applications and their
users is critical. Remote sites don’t always have access to high bandwidth, but users at all sites expect consistent
network performance. Minimizing user impact and improving performance is especially vital when applications
designed for local area networks (LANs) are on the cloud.
Even applications that work fine on a local LAN, such as Windows File Sharing (CIFS), email exchange (MAPI),
and many others, suffer from bandwidth limitations and latency issues when accessed over a wide area network
(WAN). This results in a loss of productivity and a perceived need for expensive network upgrades. FortiOS’s WAN
Optimization provides an inexpensive and easy to deploy solution.
FortiOS is commonly deployed in central offices, satellite offices, and in the cloud to provide secure
communications across a WAN using IPsec or SSL VPN. This installed infrastructure can be leveraged to add more
value by using WAN Optimization to secure WAN traffic.
FortiOS WAN Optimization
FortiOS includes license-free WAN
Optimization on most current FortiGate
devices. Multi-location organizations
or businesses using the cloud can now
provide WAN Optimization using FortiOS.
WAN Optimization is a comprehensive
solution that maximizes your WAN
performance and provides intelligent
bandwith management and unmatched
consolidated security performance.
WAN Optimization reduces your network
overhead and removes unneccessary traffic
for a better overall performance experience.
Efficient use of bandwidth and better
application performance will remove the
need for costly WAN link upgrades between
data centers and other expensive solutions
for your network traffic growth.
FORTINET - Inside FortiOS/WANOp/201303
Protocol optimization
Protocol optimization is effective for applications designed for the LAN that do not function well on low bandwidth
high latency networks. FortiOS protocol optimization improves the efficiency of CIFS, FTP, HTTP, MAPI, and general
TCP sessions.
For example, CIFC, which is a fairly “chatty” protocol, requires many background transactions to successfully
transfer a single file. When transferring the file, CIFS sends small chunks of data and waits sequentially for each
chunk’s arrival and acknowledgment before sending the next. This large amount of request/acknowledgement
traffic can delay transfers. FortiOS CIFS WAN Optimization removes this chatiness and gets on with the job of
transferring the file.
TCP protocol optimization uses techniques such as SACK support, window scaling and window size adjustment,
and connection pooling to remove common WAN TCP bottlenecks.
Web caching
In a multi-location environment, multiple users at each location will often want to look at the same content (for
example, a sales spreadsheet or a corporate presentation). Each time a user gets information from the central file
repository, it uses precious resources as the file is downloaded over the WAN. FortiOS WAN Optimization reduces
download times by adding web caching to WAN Optimization tunnels. Web caching stores remote files and web
pages on local FortiGate devices for easy local access to repetitively accessed files. There is zero impact on the
WAN, resulting in reduced latency for the file requester.
FortiOS Web Caching also recognizes requests for Windows or MS-Office updates and downloads the new update
file in the background. Once downloaded to the cache, the new update file is available to all users and all subsequent requests for this update are rapidly downloaded from the cache.
Byte caching
Byte caching improves caching by accelerating the transfer of similar, but not identical content. Byte caching
accelerates multiple downloads of different email messages with the same corporate disclaimer by downloading
the disclaimer over the WAN once and then downloading all subsequent disclaimers from a local FortiGate unit.
Byte caching reduces the amount of data crossing the WAN when multiple different emails with the same or similar
attachments or different versions of an attachment are downloaded from a corporate email server to different
locations over the WAN.
FORTINET - Inside FortiOS/WANOp/201303
Data Deduplication
Byte caching breaks large units
of application data, like an email
attachment or a file download, into
manageable small chunks of data.
Each chunk of data is labeled
with a hash, and chunks with their
respective hashes are stored in a
database on the local FortiGate
unit. When a remote user request
a file, the WAN Optimization
sends the hashes, rather than the
actual data. The FortiGate unit at
the other end of the WAN tunnel
reassembles the data from its own
hash database, only downloading
chunks that it is missing.
Deduplication, or the process of
eliminating duplicate data, will
reduce space consumption.
In addition to reducing the amount of data downloaded across the WAN, byte caching is not application specific
and assists by accelerating all of the protocols supported by WAN Optimization.
Dynamic data chunking
Dynamic data chunking detects and optimizes persistent data chunks in changed files or in data embedded in
traffic that uses an unknown protocol. For example, dynamic chunking can cache data in Lotus notes traffic and
make the data chunks available for email and other protocols.
SSL acceleration
SSL is used by many organizations to keep WAN communications private. WAN Optimization boosts SSL
acceleration properties of FortiGate FortiASIC hardware by accelerating SSL traffic across the WAN. The FortiGate
unit handles SSL encryption/decryption for corporate servers providing SSL encrypted connections over the WAN.
VPN replacement
FortiOS WAN optimization supports secure SSL-encrypted tunnels between FortiGate units on the WAN.
Employing secure WAN Optimization tunnels can replace IPsec VPNs between sites. The result is a single, relatively
simple configuration that supports optimization and privacy of communication across the WAN and uses FortiGate
SSL acceleration to provide high performance.
Road warriors and home workers
The drive to give employees greater flexibility and reduce operational costs has led to more remote workers, both
at home and on the road. Whether accessing the office from a hotel, public wireless hotspot, or home, the problem
is the same: low bandwidth and high latency harming application performance. WAN Optimization is integrated
into FortiClient, which can be installed on PCs and wireless devices to optimize communication between remote
workers and their offices.
Reduce your...
•Capital outlay - Organizations only need to purchase a single device per location.
•Licensing costs - WAN Optimization is included with FortiOS. Additional licenses are not needed.
•Network complexity - Small offices that may not have the space or power connections for multiple devices do
not need to worry: no additional devices are required.
FORTINET - Inside FortiOS/WANOp/201303
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF