Manual Chapter : WANJet User Guide version 4.0: Installation - 3

Applies To:

Show Versions Show Versions


  • 4.0.0
Manual Chapter



WANJet appliance deployment

This chapter provides key information about the WANJet appliance installation and configuration guidelines. There are several ways to deploy a WANJet appliance on your network. The options consist of:

  • In-line deployment, in one of the following configurations:
    • Point-to-point
    • Point-to-multi-point
  • One-arm deployment

The way you choose to deploy the WANJet appliance depends on your current network topology and requirements.

In-line deployment

In-line deployment is the most basic way to deploy the WANJet appliance. You can scale in-line deployment from a simple point-to-point configuration to a point-to-multi-point configuration.

Point-to-point configuration

Point-to-point configuration is the simple one-to-one topology where an F5 appliance is placed at each end of the WAN between the respective WAN Router and LAN Switch. Each WANJet appliance is configured to search for traffic matching specified source and destination subnets. If the local WANJet appliance detects a match, then traffic is processed and sent down a WANJet tunnel to the remote WANJet appliance that reverses the process and delivers the packets exactly as they were. If there is no match, the local WANJet appliance acts as a bridge, and passes the packets unaltered to the WAN.

Figure 3.1 In-line deployment in point-to-point configuration

Point-to-multi-point configuration

Point-to-multi-point configuration involves three or more F5 appliances. Figure 3.2 illustrates a deployment that consists of five appliances that are connected to each other across intranets and the internet.

As with the point-to-point configuration, the WANJet appliance processes traffic that matches user-specified source and destination subnets, and then delivers it across the WAN through a tunnel to the appropriate WANJet appliance.



Figure 3.2 In-line deployment in a point-to-multi-point configuration

One-arm deployment

A one-arm deployment is more complex than an in-line deployment. To decide on the optimal configuration for your system, it helps to understand the three types of one-arm deployment.

  • Using static routing
    The WANJet is connected to the LAN switch, and the LAN switch is in turn connected to all of the clients on the network, as well as to the router. Every client on the LAN is configured with the WANJet appliance as its default gateway. All client traffic is routed to the WANJet appliance.
  • You can configure the WANJet appliance to optimize specific traffic, apply different services on specific traffic, and leave other traffic untouched. The WANJet appliance sends all this traffic back to the router.

  • Using transparent proxy statically
    The WANJet appliance is connected to the router directly and is transparent to the rest of the LAN clients.
  • The router (as per a configured routing rule) directs to the WANJet appliance only traffic that the WANJet appliance is configured to process (optimize or applying specific services). The router is configured so that the passthrough traffic is not sent to the WANJet appliance. If you do not configure the router in this way, the passthrough traffic sent to the WANJet appliance is dropped. In accordance with the WANJet configuration, it optimizes specific traffic, and then sends all the traffic back to the router.

  • Using transparent proxy with the WCCP v2 protocol
    The WANJet appliance is connected to the router directly and is transparent to the LAN clients. All LAN traffic is routed to the WANJet appliance. This part is identical to static transparent proxy.
  • The difference is that the WANJet appliance communicates with the router using the WCCP v2 protocol. In accordance to its configuration, the WANJet appliance determines which traffic to optimize, and which traffic to apply services to. The rest of the traffic is sent back to the router for proper handling.

    The advantage to this deployment method is that it is more tolerant of a failure. If the WANJet appliance is down, the router compensates and handles the traffic properly without sending it back to the WANJet appliance.

Firewall guidelines

If the WANJet appliance is placed behind a firewall, you must open certain ports. Table 3.1 lists the ports that you must open to allow the traffic to pass through the firewall.

Table 3.1 Ports to open when the WANJet appliance is behind a firewall
Port Number
Used for
A UDP port used for DNS.
A UDP port used for SNMP.
An optional UDP port used for SNMP traps.
A TCP port used for SSH.
A TCP port used by the Web UI for managing the WANJet appliance.
The default port used by the WANJet appliance to send real-time chart data.
The default port used by the WANJet appliance for managing connections.
The default port used by the WANJet appliance for TCP data tunnels.
The default port used by the WANJet appliance to proxy UDP over TCP.


You must also allow the ICMP protocol to pass through the firewall, so that the WANJet appliance can be pinged.

Hardware installation

See the Quick Start Card for the F5 WANJet 200 or WANJet 400 appliance for information about installing WANJet appliances and connecting them to your network.

Site information worksheet

Use the following site information sheet to capture all relevant site data. When you complete the site information sheet, attach a detailed network diagram for each WANJet appliance site.


State/Province, Country:
Contact Person:
Work phone: Cell Phone:
Speed in Kb/s:
Utilization %: Peak Average
Router Information:
Make: Model:
Routing Protocols Used:
Static Routing Table Rules:
Switch Information:
Make: Model:
WANJet Information:
Alias IP:
Subnet Mask:
Default Gateway:
Local Network:
Alias: IP: Subnet Mask:
Alias: IP: Subnet Mask:
Alias: IP: Subnet Mask:
Remote Network:
Alias: IP: Subnet Mask:
Alias: IP: Subnet Mask:
Alias: IP: Subnet Mask: