Network > Network Profiles > SD-WAN Interface Profile
Create an SD-WAN Interface Profile to
group physical links by Link Tag and to control the speed of links
and how frequently the firewall monitors the link.
SD-WAN Interface Profile | |
---|---|
Name | Enter the name of the SD-WAN Interface Profile
using a maximum of 31 alphanumeric characters. The name must begin
with an alphanumeric character and can contain letters, numbers,
underscores (_), hyphens (-), periods (.), and spaces. |
Location | Select a virtual system for a multi-vsys
device. |
Link Tag | Select the Link Tag that this profile will
assign to the interface or add a new tag. A link tag bundles physical
links (different ISPs) for the firewall to select from during path
selection and failover. |
Description | It is a best practice to enter a user-friendly
description of the profile. |
Link Type | Select the physical link type from the predefined
list ( ADSL/DSL , Cable Modem , Ethernet , Fiber , LTE/3G/4G/5G , MPLS , Microwave/Radio , Satellite , WiFi ,
or Other ). The firewall can support any CPE
device that terminates and hands off as an Ethernet connection to
the firewall; for example, WiFi access points, LTE modems, laser-microwave
CPEs all can terminate with an Ethernet hand-off. |
Maximum Download (Mbps) | Enter the maximum download speed from the
ISP in megabits per second; range is 1 to 100,000, there is no default
value. Ask your ISP for the link speed or sample the link’s maximum
speeds with a tool such as speedtest.net and take an average of
the maximums over a good length of time. |
Maximum Upload (Mbps) | Enter the maximum upload speed from the
ISP in megabits per second; range is 1 to 100,000, there is no default
value. Ask your ISP for the link speed or sample the link’s maximum
speeds with a tool such as speedtest.net and take an average of
the maximums over a good length of time. |
Eligible for Error Correction Profile interface selection | Select this setting to make interfaces (where
you apply this profile) eligible for the encoding firewall to select
them for Forward Error Correction (FEC) or packet duplication. You
can deselect this setting so that expensive FEC or packet duplication
is never used on an expensive link (interface) where you apply the
profile. The Link Type specified for the
profile determines whether the default setting of Eligible
for Error Correction Profile interface selection is
selected or not.To configure FEC or packet duplication, create
an SD-WAN Error Correction
Profile. |
VPN Data Tunnel Support | Determines whether the branch-to-hub traffic
and the return traffic flows through a VPN tunnel for added security
(enabled by default) or flows outside of the VPN tunnel to avoid
encryption overhead.
|
VPN Failover Metric | ( PAN-OS 10.0.3 and later releases )
When you configure DIA AnyPath, you need a way to specify the failover
order of individual VPN tunnels bundled in a hub virtual interface
or branch virtual interface to which DIA fails over. Specify the
VPN Failover Metric for the VPN tunnel (link); range is 1 to 65,535;
default is 10. The lower the metric value, the higher the priority
of the tunnel (link where you apply this profile) to be chosen during
failover.For example, set the metric to a low value and apply
the profile to a broadband interface; then create a different profile
that sets a high metric to apply to an expensive LTE interface to
ensure it is used only after broadband has failed over. If
you have only one link at the hub, that link supports all of the
virtual interfaces and DIA traffic. If you want to use the link
types in a specific order, you must apply a Traffic Distribution
profile to the hub that specifies Top Down Priority ,
and then order the Link Tags to specify the preferred order. (If
you apply a Traffic Distribution profile that instead specifies Best
Available Path , the firewall will use the link, regardless
of cost, to choose the best performing path to the branch.) In summary,
Link Tags in a Traffic Distribution Profile, the Link Tag applied
to a hub virtual interface,
and a VPN Failover Metric work only when the Traffic Distribution
profile specifies Top Down Priority . |
Path Monitoring | Select the path monitoring mode in which
the firewall monitors the interfaces where you apply this SD-WAN
Interface Profile.
|
Probe Frequency (per second) | Enter the probe frequency, which is the
number of times per second that the firewall sends a probe packet
to the opposite end of the SD-WAN link (range is 1 to 5; default
is 5). |
Probe Idle Time (seconds) | If you select Relaxed path
monitoring, you can set the probe idle time (in seconds) that the
firewall waits between sets of probe packets (range is 1 to 60;
default is 60). |
Failback Hold Time (seconds) | Enter the length of time (in seconds) that
the firewall waits for a recovered link to remain qualified before
the firewall reinstates that link as the preferred link after it
has failed over (range is 20 to 120; default is 120). The failback
hold time prevents a recovered link from being reinstated as the preferred
link too quickly and having it fail again right away. |
Recommended For You
Recommended Videos
Recommended videos not found.