SD-WAN
Strata Cloud Manager
Table of Contents
Expand All
|
Collapse All
SD-WAN Docs
-
- SD-WAN Deployment Workflow
-
- Add SD-WAN Branch or Hub Firewall
- Configure Certificate-based Authentication for Strong Security
- Quickly Add Multiple SD-WAN Devices with Bulk Import
- Configure SD-WAN Devices in HA Mode
- Onboard PAN-OS Firewalls to Prisma Access for Cloud-based Security
- Plan Your Topology for SD-WAN with Auto VPN
- Create a Full Mesh VPN Cluster with DDNS Service
- Create a Static Route for SD-WAN
- Configure Advanced Routing for SD-WAN
Strata Cloud Manager
Configure an SD-WAN policy rule in Strata Cloud Manager.
An SD-WAN policy rule specifies applications and services, and a
traffic distribution profile to determine how the firewall selects the preferred
path for an incoming packet that doesn’t belong to an existing session and that
matches all other criteria, such as source and destination zones, source and
destination IP addresses, and source user. The SD-WAN policy rule
also specifies a path quality profile of thresholds for latency, jitter, and packet
loss. When one of the thresholds is exceeded, the firewall selects a new path for
one or more applications, services, or both.
- Log in to Strata Cloud Manager.
- Select ManageConfigurationNGFW and Prisma AccessSecurity ServicesSD-WAN Policy and select the branch folder for which you want to create the SD-WAN policy rule.
- Add Rule and select whether to create a Pre Rule or Post Rules.A pre-rule is a policy rule that always comes before any policy rules configured locally on the firewall. A post-rule is a policy rule that always comes after any policy rules configured locally on the firewall.
- Configure the policy rule Source match criteria.If you’re adding a zone, Select one or more of the predefined zones you created when setting up SD-WAN.Additionally, you can configure any Addresses or Users as needed.
- Configure the policy rule Destination match criteria.If you’re adding a zone, Select one or more of the predefined zones you created when setting up SD-WAN.Additionally, you can configure any Addresses or Users as needed.
- Configure the Application/Service to specify which applications or services the SD-WAN policy rule applies to and to associate your link Management Profiles.
- For Application, select Any or Select applications, application groups, or application filters.
- For Service, select Application Default, Any or Select any custom services you’ve configured.
- Select a predefined Path Quality Profile to specify the latency, jitter, and packet loss parameters indicate path health.
- (Optional) Select a SaaS Quality Profile you created when you created your SD-WAN link Management Profiles to specifies how software-as-a-service applications are monitored if your branch firewall has a Direct internet Access (DIA) link to a SaaS application.
- Configure the corrective Action the firewall takes when a link health is degraded and failover is required.
- Select a Traffic Distribution Profile to specify how the firewall selects paths for session load distribution and for path failover when the firewall detects a brownout, blackout, or path deterioration for an application.
- Select an Error Correction Profile to specify the corrective action the firewall takes when certain data transmission errors occur over noisy communication lines to improve data reliability without requiring retransmission or Packet Duplication to duplicate application sessions from one tunnel to another.
- Save.
- Push Config to push your configuration changes.