Configure an SD-WAN Policy Rule

Configure an SD-WAN policy rule to specify how the firewall selects preferred paths for applications and services.
Contact your account team to enable Cloud Management for NGFWs using Strata Cloud Manager.
Where Can I Use This?
  • NGFW (Managed by Strata Cloud Manager)
  • VM-Series, funded with Software NGFW Credits
What Do I Need?
  • AIOps for NGFW Premium license (use the Strata Cloud Manager app)
  • Prisma Access license
An SD-WAN policy rule specifies applications and services, and a traffic distribution profile to determine how the firewall selects the preferred path for an incoming packet that doesn’t belong to an existing session and that matches all other criteria, such as source and destination zones, source and destination IP addresses, and source user. The SD-WAN policy rule also specifies a path quality profile of thresholds for latency, jitter, and packet loss. When one of the thresholds is exceeded, the firewall selects a new path for one or more applications, services, or both.
  1. Log in to Strata Cloud Manager.
  2. Select Manage > Configuration > NGFW and Prisma Access > Security Services > SD-WAN Policy and select the branch folder for which you want to create the SD-WAN policy rule.
  3. Add Rule and select whether to create a Pre Rule or Post Rules.
    A pre-rule is a policy rule that always comes before any policy rules configured locally on the firewall. A post-rule is a policy rule that always comes after any policy rules configured locally on the firewall.
  4. Configure the policy rule Source match criteria.
    If you’re adding a zone, select one or more of the predefined zones you created when setting up SD-WAN.
    Additionally, you can configure any Addresses or Users as needed.
  5. Configure the policy rule Destination match criteria.
    If you’re adding a zone, select one or more of the predefined zones you created when setting up SD-WAN.
    Additionally, you can configure any Addresses or Users as needed.
  6. Configure the Application/Service to specify which applications or services the SD-WAN policy rule applies to and to associate your link Management Profiles.
    1. For Application, select Any or Select applications, application groups, or application filters.
    2. For Service, select Application Default, Any, or Select any custom services you’ve configured.
    3. Select a predefined Path Quality Profile to specify the latency, jitter, and packet loss parameters that indicate path health.
    4. (Optional) Select a SaaS Quality Profile you created when you created your SD-WAN link Management Profiles to specify how software-as-a-service applications are monitored if your branch firewall has a Direct Internet Access (DIA) link to a SaaS application.
  7. Configure the corrective Action the firewall takes when link health is degraded and failover is required.
    1. Select a Traffic Distribution Profile to specify how the firewall selects paths for session load distribution and for path failover when the firewall detects a brownout, blackout, or path deterioration for an application.
    2. Select an Error Correction Profile to specify the corrective action the firewall takes when certain data transmission errors occur over noisy communication lines to improve data reliability without requiring retransmission, or Packet Duplication to duplicate application sessions from one tunnel to another.
  8. Save.
  9. Push Config to push your configuration changes.
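
The matching and failover behaviour this page describes, as an added Python model that is not Palo Alto Networks code or a Strata Cloud Manager API: a new-session packet is checked against pre, local and post rules in that order, and a path qualifies only while none of the rule's latency, jitter or packet loss thresholds is exceeded. The rule names, zone names, metric values, first-match evaluation and the ordered path list are assumptions made for the illustration.

```python
# Simplified model, not Palo Alto Networks code. All names and values are constructed.
from dataclasses import dataclass

METRICS = ("latency_ms", "jitter_ms", "loss_pct")

@dataclass
class Rule:
    name: str
    src_zones: frozenset
    dst_zones: frozenset
    apps: frozenset      # empty set models "Any"
    thresholds: dict     # path quality profile: metric -> maximum allowed value
    paths: tuple         # preference-ordered paths (assumed stand-in for a
                         # traffic distribution profile)

    def matches(self, pkt):
        # Only a packet that does not belong to an existing session is evaluated.
        return (pkt["new_session"]
                and pkt["src_zone"] in self.src_zones
                and pkt["dst_zone"] in self.dst_zones
                and (not self.apps or pkt["app"] in self.apps))

    def healthy(self, measured):
        # A path qualifies only while no threshold is exceeded.
        return all(measured[m] <= self.thresholds[m] for m in METRICS)

def select_path(pre, local, post, pkt, link_metrics):
    """Return (rule name, path) for pkt; path is None if no path qualifies."""
    # Pre rules precede locally configured rules; post rules follow them.
    # Assumption of this model: the first matching rule in that order decides.
    for rule in (*pre, *local, *post):
        if rule.matches(pkt):
            good = [p for p in rule.paths if rule.healthy(link_metrics[p])]
            return rule.name, (good[0] if good else None)
    return None, None

# Constructed sample data.
ZONES = (frozenset({"zone-internal"}), frozenset({"zone-internet"}))
VOICE = Rule("voice-pre", *ZONES, frozenset({"sip"}),
             {"latency_ms": 150, "jitter_ms": 30, "loss_pct": 1.0}, ("mpls", "broadband"))
CATCH_ALL = Rule("default-post", *ZONES, frozenset(),
                 {"latency_ms": 400, "jitter_ms": 100, "loss_pct": 5.0}, ("broadband", "mpls"))
PKT = {"new_session": True, "src_zone": "zone-internal",
       "dst_zone": "zone-internet", "app": "sip"}
LINKS_OK = {"mpls": {"latency_ms": 40, "jitter_ms": 5, "loss_pct": 0.1},
            "broadband": {"latency_ms": 60, "jitter_ms": 12, "loss_pct": 0.3}}
LINKS_DEGRADED = {**LINKS_OK, "mpls": {"latency_ms": 40, "jitter_ms": 45, "loss_pct": 0.1}}

if __name__ == "__main__":
    print(select_path([VOICE], [], [CATCH_ALL], PKT, LINKS_OK))
    print(select_path([VOICE], [], [CATCH_ALL], PKT, LINKS_DEGRADED))
```

Reviewing a rule set this way before a push shows which rule a given flow lands on and which link it moves to once a threshold is crossed.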
