Applications are at the core of the
Prisma SD-WAN solution. ION devices deployed in the network
actively analyze each application flow to ensure that policies
for performance, compliance, and security are maintained, and
optimum network connections are used for each flow. The ION
device uses application definitions and fingerprinting
technologies for path selection, QoS, and firewall policies.
System applications are available by default,
whereas you can configure custom applications for your
enterprise requirements.
Circuit categories are a logical grouping of various
kinds of circuits and connectivity that may be present in the
network. This grouping allows for simplified and reusable
network policy rules for the entire network. For example,
internet cable broadband, metered internet LTE links, satellite
internet links, internet DSL, or private MPLS.
Network
context segments network traffic for the purpose of applying
different network policy rules for the same application. A rule
with a network context always takes precedence over a rule
without a network context. You may create one or more network
contexts, but an individual LAN network can belong to only one
network context. You must attach the network contexts to the
appropriate LAN segments to be effective.
Use Service & DC Groups to map third-party
endpoints to groups to allow flexibility when creating network
policy rules to account for uniqueness across sites. The intent
is that the policy rules remain the same regardless of the site
location.
Security
Zones specify enforcement boundaries where traffic is subject to
inspection and filtering. Each security zone maps to networks
attached to physical interfaces, logical interfaces, or
sub-interfaces of a device. These zone-level interfaces serve as
a proxy for physical circuits and virtual circuits, such as
VLAN, Layer 3 VPN, and Layer 2 VPN circuits.
Site
configuration template helps you to create tailored site
templates that cater to your deployment requirements, allowing
you to efficiently deploy branches and data centers at scale
with ease. Using this template, you can deploy multiple sites.
You can use an existing template, edit an existing one or create
a new template to deploy multiple sites.
A prefix
is a group of one or more individual IP addresses or IP address
subnets. Prefixes are used with Path Set Policies and Priority
Policies. They can be either global or local in scope.
Configuration Profiles
Use configuration
profiles to configure settings for different types of
resources.
An
IPFIX profile is a global IPFIX configuration object
which identifies collector configuration, filter
configuration, the template for exporting flow
information elements, and flow sampler
configuration.
Create
an Access Point Name (APN) profile to define the
network path for cellular data connectivity. APN
information is required to connect to a cellular
network.
Configure a Domain Name System (DNS)
Profile to specify configuration parameters for the
DNS service. Commonly configured parameters include
DNS Servers, Domain to Address Mapping, Cache
Configuration, and DNSSEC Configuration. After the
DNS service profile is created, it is bound to a
device.
Use IoT device visibility to
identify devices in your network. Prisma SD-WAN
branch ION devices inspect packets, extract
information, and generate messages to send to Strata Logging Service in a specific format.
