Focus

Next-Generation Firewall

Set Up SD-WAN

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
AIOps
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1

SD-WAN

Configure SD-WAN

Set Up SD-WAN

Set up SD-WAN on

Strata Cloud Manager

for Palo Alto Networks Next-Generation Firewalls.

Contact your account team to enable Cloud Management for NGFWs using Strata Cloud Manager.

Where Can I Use This?	What Do I Need?
`NGFW (Managed by Strata Cloud Manager)` `VM-Series, funded with Software NGFW Credits`	`AIOps for NGFW Premium license (use the Strata Cloud Manager app)`

Set up a Software-Defined Wide Area Network (SD-WAN) on

Strata Cloud Manager

for your Palo Alto Networks Next-Gen Firewalls (NGFW).

Strata Cloud Manager

Onboard your SD-WAN firewalls to .

All newly added firewalls are added the

All Firewalls

folder by default.

Activate the SD-WAN license on your firewall.

Create the SD-WAN folders for hub and branch firewalls.

Separate folders for your hub and branch firewalls are required to containing all SD-WAN configuration objects specific to hub and branch firewall deployments.

Select

Workflows

NGFW Setup

Folder Management

and

Add Folder

Add new folders for your hub and branch SD-WAN firewalls.

In Folder Management, locate your hub and branch firewalls and expand the Actions menu to

Move

your firewalls.

For the

Destination

, select the hub or branch folder you created and

Move

Create the four predefined SD-WAN zones.

SD-WAN policy rules use predefined zone for internal path selection and traffic forwarding purposes. Create the following predefined SD-WAN zones. Repeat this step to create all four required predefined SD-WAN zones.

zone-to-branch

zone-to-hub

zone-internal

zone-internet

Create link tags.

Create a link tag to identify one or more physical links that you want applications and services to use in a specific ordering during SD-WAN traffic distribution and failover protection. Grouping multiple physical links allows you to maximize the application service quality if the physical link health deteriorates.

Select

Manage

Configuration

NGFW and Prisma Access

Security Services

SD-WAN Policy

Link Tags

and create your link tags at the

All Firewalls

Context Scope.

Palo Alto Networks recommends creating all link tags at the

All Firewalls

folder level to ensure link tags are available to all SD-WAN firewalls regardless of the folder they’re associated with.

Add Tag

Enter a

Name

and select a

Color

to identify the link tag.

Save

Configure SD-WAN.

SD-WAN

Configure SD-WAN

Next-Generation Firewall Docs

Set Up SD-WAN

Next-Generation Firewall Docs

Set Up SD-WAN

Recommended For You

Activation & Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner