Next-Generation Firewall
Configure an SD-WAN Policy Rule
Configure an SD-WAN policy rule to specify how the firewall selects preferred paths
for applications and services.
Contact your account team to enable Cloud Management for NGFWs using
Strata Cloud Manager.
Where Can I Use This? | What Do I Need? |
---|---|
|
One of these:
|
An SD-WAN policy rule specifies applications and services, and a traffic distribution
profile to determine how the firewall selects the preferred path for an incoming
packet that doesn’t belong to an existing session and that matches all other
criteria, such as source and destination zones, source and destination IP addresses,
and source user. The SD-WAN policy rule also specifies a path quality profile of
thresholds for latency, jitter, and packet loss. When one of the thresholds is
exceeded, the firewall selects a new path for one or more applications, services, or
both.
1. Log in to Strata Cloud Manager.
2. Create SD-WAN Link Management Profiles.
3. Select Manage > Configuration > NGFW and Prisma Access > Security Services > SD-WAN Policy and select the branch folder for which you want to create the SD-WAN policy rule.
4. Add Rule and select whether to create a Pre Rule or Post Rules.
   A pre-rule is a policy rule that always comes before any policy rules configured locally on the firewall. A post-rule is a policy rule that always comes after any policy rules configured locally on the firewall.
5. Configure the policy rule Source match criteria.
   - If you’re adding a zone, select one or more of the predefined zones you created when setting up SD-WAN.
   - Additionally, you can configure any Addresses or Users as needed.
6. Configure the policy rule Destination match criteria.
   - If you’re adding a zone, select one or more of the predefined zones you created when setting up SD-WAN.
   - Additionally, you can configure any Addresses or Users as needed.
7. Configure the Application/Service to specify which applications or services the SD-WAN policy rule applies to and to associate your Link Management Profiles.
   - For Application, select Any or Select applications, application groups, or application filters.
   - For Service, select Application Default, Any, or Select any custom services you’ve configured.
   - Select a predefined Path Quality Profile to specify the latency, jitter, and packet loss parameters that indicate path health.
   - (Optional) Select a SaaS Quality Profile you created when you created your SD-WAN Link Management Profiles to specify how software-as-a-service applications are monitored if your branch firewall has a Direct Internet Access (DIA) link to a SaaS application.
8. Configure the corrective Action the firewall takes when link health is degraded and failover is required.
   - Select a Traffic Distribution Profile to specify how the firewall selects paths for session load distribution and for path failover when the firewall detects a brownout, blackout, or path deterioration for an application.
   - Select an Error Correction Profile to specify the corrective action the firewall takes when certain data transmission errors occur over noisy communication lines: either to improve data reliability without requiring retransmission, or to use Packet Duplication to duplicate application sessions from one tunnel to another.
9. Save.
10. Push Config to push your configuration changes.