Network > Network Profiles > SD-WAN Interface Profile
Create an SD-WAN Interface Profile to group physical links by Link Tag and to control the speed of links and how frequently the firewall monitors those links.
SD-WAN Interface Profile
Nameof the SD-WAN Interface Profile using a maximum of 31 alphanumeric characters. The name must begin with an alphanumeric character and can contain letters, numbers, underscores (_), hyphens (-), periods (.), and spaces.
Link Tagthat this profile will assign to the interface or
Adda new tag. A link tag bundles physical links (different ISPs) for the firewall to select from during path selection and failover.
Enter a user-friendly description of the profile.
Select the physical link type from the predefined list (
Other). The firewall can support any CPE device that terminates and hands off as an Ethernet connection to the firewall. For example, Wi-Fi access points, Long-Term Evolution (LTE) modems, and laser-microwave customer-premises equipment (CPEs) all can terminate with an Ethernet hand-off.
VPN Data Tunnel Support
PAN-OS 9.1.2 and later 9.1 releases) Determines whether the branch-to-hub traffic and return traffic flows through a VPN tunnel for added security (enabled by default) or flows outside of the VPN tunnel to avoid encryption overhead.
Maximum Download (Mbps)
Enter the maximum download speed from the ISP in megabits per second (range is 1 to 100,000; there is no default value). Ask your ISP for the link speed or sample the maximum speeds for the link using a tool such as speedtest.net and take an average of the maximums over an appropriate length of time.
Maximum Upload (Mbps)
Enter the maximum upload speed from the ISP in Mbps (range is 1 to 100,000; there is no default value). Ask your ISP for the link speed or sample the maximum speeds for the link using a tool such as speedtest.net and take an average of the maximums over an appropriate length of time.
Select the path monitoring mode in which the firewall monitors the interfaces where you apply this SD-WAN Interface Profile.
Probe Frequency (per second)
Enter the probe frequency, which is the number of times per second that the firewall sends a probe packet to the opposite end of the SD-WAN link (range is 1 to 5; default is 5).
Probe Idle Time (seconds)
If you select
Relaxedpath monitoring, you can set the probe idle time (in seconds) that the firewall waits between sets of probe packets (range is 1 to 60; default is 60).
Failback Hold Time (seconds)
Enter the length of time (in seconds) that the firewall waits for a recovered link to remain qualified before the firewall reinstates that link as the preferred link after it has failed over (range is 20 to 120; default is 120). The failback hold time prevents a recovered link from being reinstated as the preferred link too quickly and having it fail again right away.
Recommended For You
Recommended videos not found.