Create profiles to apply to sets of applications and services specified in SD-WAN policy rules.

SD-WAN allows you to create a path quality profile for each set of applications, application filters, application groups, services, service objects, and service group objects that have unique network quality requirements and reference the profile in an SD-WAN policy rule. In the profile you set maximum thresholds for three parameters: latency, jitter, and packet loss. When an SD-WAN link exceeds any one of the thresholds, the firewall selects a new best path for packets matching the SD-WAN rule where you apply this profile.

SD-WAN allows you to create Software-as-a-Service (SaaS) quality profiles to measure the path health quality between your hub or branch firewall and server-side SaaS applications in order to accurately monitor SaaS application reliability and swap paths should the path health quality degrade. This allows the firewall to accurately determine when to failover to a different Direct Internet Access (DIA) link.

The SaaS quality profile allows you to specify the SaaS application to monitor using an adaptive learning algorithm that monitors the application activity, or by specifying a SaaS application using the application IP address, FQDN, or URL.

For this Traffic Distribution profile, select the method the firewall uses to distribute sessions and to fail over to a better path when path quality deteriorates. Add the Link Tags that the firewall considers when determining the link on which it forwards SD-WAN traffic. You apply a Traffic Distribution profile to each SD-WAN policy rule you create.

If your SD-WAN traffic includes an application that is sensitive to packet loss or corruption, such as audio, VoIP, or video conferencing, you can apply either Forward Error Correction (FEC) or packet duplication as a means of error correction. With FEC, the receiving firewall (decoder) can recover lost or corrupted packets by employing parity bits that the encoder embeds in an application flow. Packet duplication is an alternative method of error correction, in which an application session is duplicated from one tunnel to a second tunnel. To employ one of these methods, create an Error Correction Profile and reference it in an SD-WAN policy rule for specific applications.

(You must also specify which interfaces are available for the firewall to select for error correction by indicating in an SD-WAN Interface Profile that interfaces are Eligible for Error Correction Profile interface selection.)

Create an SD-WAN interface profile to define the characteristics of ISP connections and to specify the speed of links and how frequently the firewall monitors the link, and specify a Link Tag for the link. When you specify the same Link Tag on multiple links, you are grouping (bundling) those physical links into a link bundle or fat pipe. You must configure an SD-WAN interface profile and specify it for an Ethernet interface enabled with SD-WAN before you can save the Ethernet interface.

Create a link tag to identify one or more physical links that you want applications and services to use in a specific order during SD-WAN traffic distribution and failover protection. Grouping multiple physical links allows you to maximize the application and service quality if the physical link health deteriorates.

When planning how to group your links, consider the use or purpose of the links and group them accordingly. For example, if you are configuring links intended for low-cost or non-business-critical traffic, create a link tag and group these interfaces together to ensure that the intended traffic flows primarily on these links, and not on more expensive links that may impact business-critical applications or services.