Tag Archives: forticache 4.0 administration guide

FortiCache 4.0.1 Administration Guide

Introduction

FortiCache high performance web caching appliances address bandwidth saturation, high latency, and poor performance caused by caching popular internet content locally for carriers, service providers, enterprises, and educational networks. FortiCache appliances reduce the cost and impact of cached content on the network while increasing performance and the end-user experience by improving the speed of delivery of popular repeated content.

About this document

This document contains the following sections:

  • Introduction l Concepts l System Administration l Policy & Objects l Objects l Security Profiles l User Authentication l WAN Optimization and Web Caching
  • WCCP
  • Logging

Concepts

FortiCache web caching is a form of object caching that accelerates web applications and web servers by reducing bandwidth usage, server load, and perceived latency.

Web caching involves storing HTML pages, images, videos, servlet responses, and other web-based objects for later retrieval. These objects are stored in the web cache storage location defined by the config wanopt storage command. You can also go to System > Config > Disk to view the storage locations on the FortiCache unit hard disks.

There are three significant advantages to using web caching to improve HTTP performance:

  • reduced bandwidth consumption because fewer requests and responses go over the WAN or Internet l reduced web server load because there are fewer requests for web servers to handle l reduced latency because responses for cached requests are available from a local FortiCache unit instead of from across the WAN or Internet.

When enabled in a web caching policy, the FortiCache unit caches HTTP traffic processed by that policy. A web caching policy specifies the source and destination addresses and destination ports of the traffic to be cached.

Web caching caches compressed and non-compressed versions of the same file separately. If the HTTP protocol considers the compressed and uncompressed versions of a file the same object, only the compressed or uncompressed file will be cached.

You can also configure a FortiCache unit to operate as a Web Cache Communication Protocol (WCCP) client. WCCP provides the ability to offload web caching to one or more redundant web caching servers.

This chapter describes:

  • Web caching topologies l WCCP topologies l Content Analysis Service

Web caching topologies

FortiCache web caching involves one or more FortiCache units installed between users and web servers. The FortiCache unit can operate in both Network Address Translator (NAT) and transparent modes. The FortiCache unit intercepts web page requests accepted by web cache policies, requests web pages from the web servers, caches the web page contents, and returns the web page contents to the users. When the FortiCache unit intercepts subsequent requests for cached web pages, the FortiGate unit contacts the destination web server just to check for changes.

Most commonly the topology uses a router to route HTTP and HTTPS traffic to be cached to one or more FortiCache units. Traffic that should not be cached bypasses the FortiCache units. This is a scalable topology that allows you to add more FortiCache units if usage increases.

Web caching topologies                                                                                                                      Concepts

Web caching topology with web traffic routed to FortiCache units

You can also configure reverse proxy web-caching. In this configuration, users on the Internet browse to a web server installed behind a FortiCache unit. The FortiCache unit intercepts the web traffic (HTTP and HTTPS) and caches pages from the web server. Reverse proxy web caching on the FortiGate unit reduces the number of requests that the web server must handle, leaving it free to process new requests that it has not serviced before. Since all traffic is to be cached the FortiCache unit can be installed in Transparent mode directly between the web server and the Internet.

Reverse proxy web caching topology

The reverse proxy configuration can also include a router to route web traffic to a group of FortiCache units operating in Transparent Mode. This is also a scalable solution for reverse proxy web caching.

Reverse proxy web caching topology with web traffic routed to FortiCache unit

When web objects and video are cached on the FortiCache hard disk, the FortiCache unit returns traffic back to client using cached object from cache storage. The clients do not connect directly to the server.

When web objects and video are not available in the FortiCache hard disk, the FortiCache unit forwards the request to original server. If the HTTP response indicates it is a cacheable object, the object is forwarded to cache storage and the HTTP request is served from cache storage. Any other HTTP request for the same object will be served from cache storage as well.

The FortiCache unit forwards HTTP responses that cannot be cached from the server back to the client that originated the HTTP request.

 

Concepts                                                                                                                                 WCCP topologies

All non-HTTP traffic and HTTP traffic that is not cached by FortiCache will pass through the unit. HTTP traffic is not cached by the FortiCache unit if a web cache policy has not been added for it.

WCCP topologies

You can operate a FortiCache unit as a WCCP cache engine. As a cache engine, the FortiCache unit returns the required cached content to the client web browser. If the cache server does not have the required content, it accesses the content, caches it, and returns the content to the client web browser.

WCCP topology

WCCP is transparent to client web browsers. The web browsers do not have to be configured to use a web proxy.

Content Analysis Service

FortiGuard Content Analysis Service is a licensed feature for the real-time analysis of images in order to detect adult content. Detection of adult content in images uses various patented techniques (not just color-based), including limb and body part detection, body position, etc.

Once detected, such content can be optionally blocked or reported.

Please contact your Fortinet Account Manager should you require a trial of this service. You can purchase this service from support.fortinet.com.

For configuration information, see Content Analysis on page 101.