End-of-Life (EoL)

SaaS Application Path Monitoring

Configure a Software-as-a-Service (SaaS) Quality profile to specify a SaaS application for a hub firewall with a Direct Internet Access (DIA) link.
If your branch firewall has a Direct Internet Access (DIA) link to a Software-as-a-Service (SaaS) application, create a SaaS Quality profile to specify how one or more SaaS applications should be monitored. SaaS Quality profiles are associated with an SD-WAN policy rule to determine how the branch firewall determines the path quality thresholds for latency, jitter, and packet loss and selects the preferred path for an outgoing packet.
The SaaS Quality profile supports up to four static IP addresses, or one fully qualified domain name (FQDN) or URL per SaaS Quality profile. When multiple static IP addresses are configured, the branch firewall monitors one IP address at a time in a cascading order based on how the IP addresses are ordered in the SaaS Quality profile. For example, if you add IP1, IP2, IP3, and IP4, the branch firewall monitors IP1 to determine if the path quality thresholds have been exceeded, then continues to IP2, and so forth.
  1. Select
    Objects
    SD-WAN Link Management
    SaaS Quality Profile
    and specify the
    Device Group
    containing your SD-WAN configuration.
  2. Add
    a new SaaS quality profile.
  3. Enter a descriptive
    Name
    for the SaaS Quality profile.
  4. (
    Optional
    ) Enable (check)
    Shared
    to make the SaaS Quality profile shared across all device groups.
  5. (
    Optional
    ) Enable (check)
    Disable override
    to disable overriding the SaaS Quality profile configuration on the local firewall.
    Disable override
    can only be enabled if
    Shared
    is disabled in the previous step.
  6. Configure the SaaS Monitoring Mode.
    • Automatically monitor the SaaS application path health.
      Enabled by default,
      Adaptive
      monitoring allows the branch firewall to passively monitor the SaaS application session for send and receive activity to determine if the path quality thresholds have been exceeded. The SaaS application path health quality is automatically determined without any additional health checks on the SD-WAN interface.
      Adaptive SaaS monitoring is supported only for TCP SaaS applications.
    • Configure the Static IP address for the SaaS application.
      1. Select
        IP Address/Object
        Static IP Address
        and
        Add
        an IP address.
      2. Enter the IP address of the SaaS application or select a configured address object.
      3. Enter the
        Probe Interval
        by which the branch firewall probes the SaaS application path for health information.
      4. Click
        OK
        to save your configuration changes.
    • Configure the fully qualified domain name (FQDN) for the SaaS application.
      1. Configure a FQDN address object for the SaaS application.
      2. Select
        IP Address/Object
        FQDN
        and
        Add
        the FQDN.
      3. Select the
        FQDN
        address object for the SaaS application.
      4. Enter the
        Probe Interval
        by which the branch firewall probes the SaaS application path for health information.
      5. Click
        OK
        to save your configuration changes.
    • Configure the URL for the SaaS application.
      URL monitoring is only supported for traffic over ports 80, 443, 8080, 8081, and 143.
      1. Select
        HTTP/HTTPS
        .
      2. Enter the
        Monitored URL
        of the SaaS application.
      3. Enter the
        Probe Interval
        by which the branch firewall probes the SaaS application path for health information.
      4. Click
        OK
        to save your configuration changes.
  7. Configure an SD-WAN policy rule and associate the SaaS Quality profile with the SD-WAN policy rule in the
    Application/Service
    tab.
  8. Select
    Commit
    and
    Commit and Push
    your configuration changes.
  9. Monitor SaaS application health performance.
    1. Select
      Panorama
      SD-WAN
      Monitoring
      and view impacted application or link performance.
    2. Select an application or link that has
      SaaS Monitoring
      Enabled
      .
    3. View the
      Traffic Characteristics
      and
      Link Characteristics
      .

Recommended For You