Measuring application performance and delivering app SLAs is a core component of

Prisma SD-WAN

. Performance Policy builds upon the existing App SLA configuration to deliver a policy framework for the measurement, enforcement, and alerting for application SLAs.

Performance Policy utilizes link quality metrics such as Latency, Loss, and Jitter as well as application performance metrics such as Application RTT and Init failure % as SLA metrics. If the SLA metrics are violated, the system takes action to ensure that the SLA is enforced including moving flows to a compliant path (if available) and invoking line conditioning such as Forward Error Correction (FEC) to ensure the SLA is met. Optionally, an incident can be generated for critical applications when an SLA is violated. Although default policies work well for most environments, policies can be granularly tuned per application, path type, DC group, and circuit category to align to the performance needs of the business.

Prisma SD-WAN

supports the discovery of devices that are not directly connected to the

Prisma SD-WAN

branch ION devices by using SNMP (Simple Network Management Protocol) to discover IoT devices within a branch network.

The system uses LLDP (Link Layer Discovery Protocol) to identify neighboring networking devices in a branch ION, launching an SNMP MIB to gather IP address and MAC Address entries. SNMP discovery involves querying LLDP information for IP and MAC address bindings, retrieving data from neighboring devices one by one until it discovers all the IoT devices. The ION device transmits these discovered bindings, alongside VLAN, subnet details, and so on, as Enhanced Application logs (EAL) to Cortex Data Lake (CDL). IoT Security uses this information to enhance visibility in its portal by identifying the devices.

You can now suppress incidents for a selected period of time using Incident Policies. With incident policy rules, you can specify the dampening interval during which the system suppresses events generated by resources during the specified period.

Prisma SD-WAN

supports ION 3200 with Layer 2 switch. The Layer 2 switch ports enable connecting multiple devices directly on the L2 LAN or add downstream switches or Wireless Access Points (WAP).

Generation One ION devices use the control port to exchange HA heartbeat and manage the controller traffic between the active and the standby device. With the introduction of used-for-HA (referred to as

Used-for-Control

in earlier releases) as a port type, the NextGen ION devices such as the ION 1200-S, ION 3200, ION 5200, ION 9200 do not need a dedicated controller port for the management services. The

used-for-HA

interface allows you to exchange HA heartbeat and connect the standby device to the controller through the active ION device. You can use the control interface to send management traffic like App Probe, NTP, SNMP, RADIUS, and IPFIX.

Support for

used-for-HA

capability is extended on the main interface on all routed ports. This capability was available on SVI and sub-interfaces in the previous release. Used for HA is supported on all the ION devices.

Prisma SD-WAN

now supports IPv6 for BGP.