: Network > Interfaces > SD-WAN
Focus
Focus

Network > Interfaces > SD-WAN

Table of Contents
End-of-Life (EoL)

Network > Interfaces > SD-WAN

Create a virtual SD-WAN interface and add one or more physical Ethernet interface members that go to the same destination.
If Panorama is managing a multi-vsys firewall, all SD-WAN enabled interfaces and configurations must be configured on vsys1.
SD-WAN does not support an SD-WAN configuration across multiple virtual systems of a multi-VSYS firewall.
SD-WAN Interface Settings
Interface Name
The read-only Interface Name is set to sdwan. In the adjacent field, enter a numeric suffix (1 to 9,999) to identify the virtual SD-WAN interface.
Comment
The best practice is to enter a user-friendly description for the interface, such as to internet or to Western USA hub. Your comments will make it easier to identify interfaces rather than trying to decipher auto-generated names in logs and reports.
Link Tag
Tag on an SD-WAN link; for example, Cheap Broadband or Backup.
Config Tab
Virtual Router
Assign a virtual router to the interface, or select Virtual Router to define a new one (see Network > Virtual Routers). Select None to remove the current virtual router assignment from the interface.
Virtual System
If the firewall supports multiple virtual systems and that capability is enabled, you must select vsys1 for the interface.
Security Zone
Select a security zone for the interface, or select Zone to define a new zone. Select None to remove the current zone assignment from the interface. The virtual SD-WAN interface and all of its interface members must be in the same security zone, thus ensuring the same security policy rules apply to all paths from the branch to the same destination.
Advanced Tab
Interfaces
Select the Layer 3 Ethernet interfaces (for Direct Internet Access [DIA]) or virtual VPN tunnel interfaces (for hub) that constitute this virtual SD-WAN interface. The firewall virtual router uses this virtual SD-WAN interface to route SD-WAN traffic to a DIA or a hub location. The interfaces can have different tags. If you enter more than one interface, they must all be the same type (either VPN tunnel or DIA).