DNS Reachability for UDP Applications

Learn how branch ION devices use SNMP to discover IoT devices within the branch.
Prisma SD-WAN already supports dynamic probing for TCP applications, triggered when it detects 3-way handshake failures. The ION device generates these dynamic probes to verify whether a destination service is up or down on that path. If the service is verified as down, the ION device avoids sending additional user requests for the service on that specific path, while continuing to generate synthetic probes to detect any change in service reachability.
Starting with Release 6.3.2, Prisma SD-WAN supports this functionality for UDP DNS traffic as well, along with DNS health visibility.
The application probes handle DNS probe requests: on receiving a DNS probe request, they start a DNS probe toward the destination. If the DNS server responds to the request, irrespective of whether it responds with the requested domain name, the ION device treats the probe as successful. If the DNS server does not respond, the application probe notifies the flow controller to change the path.
When the probe detects that the DNS server is unreachable, the ION device continues probing once every minute for the first three probes and then once every 5 minutes. If the probe is successful again, the probe notifies the flow controller to use the path again.
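The probe semantics described above, sketched as an added Python example (an illustration, not Prisma SD-WAN or ION code): any DNS response, whatever its response code, counts as reachable, and only silence counts as down. The function names, the `example.com` probe name, the 2-second timeout and the reading of the retry schedule are assumptions.

```python
import os
import socket
import struct
import time


def build_query(name, txid):
    """Encode a minimal DNS A-record query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def probe_dns(server, port=53, name="example.com", timeout=2.0):
    """Return True if the server sends any DNS response to our query.

    The RCODE is deliberately ignored: NXDOMAIN or SERVFAIL still proves the
    server is reachable on this path, which is all the probe measures.
    """
    txid = int.from_bytes(os.urandom(2), "big")
    deadline = time.monotonic() + timeout
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.connect((server, port))  # kernel drops datagrams from other peers
        try:
            sock.send(build_query(name, txid))
            while (left := deadline - time.monotonic()) > 0:
                sock.settimeout(left)
                data = sock.recv(512)
                if len(data) < 12:
                    continue  # shorter than a DNS header
                rid, flags = struct.unpack("!HH", data[:4])
                if rid == txid and flags & 0x8000:  # our ID, QR bit = response
                    return True
        except OSError:  # timeout or ICMP port unreachable
            return False
    return False


def retry_delays(count):
    """Seconds to wait before each re-probe of an unreachable server.

    Assumed reading of the schedule: three re-probes one minute apart, then
    one every five minutes.
    """
    return [60 if i < 3 else 300 for i in range(count)]
```

Matching the transaction ID and the QR bit keeps a stray or spoofed datagram from being counted as a successful probe.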