SD-WAN Application/Service Tab

Application/Service tab in the SD-WAN policy rule configuration window.
  • Policies
Select the Application/Service tab to specify the applications or services to which the SD-WAN policy rule applies.
Path Quality Profile
Select a path quality profile that determines the maximum jitter, latency, and packet loss percentage thresholds you want to apply to the specified applications and services. If a path quality profile has not yet been created, you can create a New SD-WAN Path Quality profile from this tab.
specific applications for the SD-WAN policy rule, or select
. If an application has multiple functions, select the overall application or individual functions. If you select the overall application, all functions are included and the application definition is automatically updated as future functions are added.
If you are using application groups, filters, or containers in the SD-WAN policy rule, view details of these objects by hovering over the object in the Application column, opening the drop-down, and selecting
. This allows you to view application members directly from the policy without having to navigate to the
Add only business-critical applications that are affected by latency, jitter, or packet loss. Avoid adding application categories or sub-categories as these are too broad and do not allow for per-application control.
specific services for the SD-WAN policy rule and select on which ports packets from these services are allowed or denied:
  • any—The selected services are allowed or denied on any protocol or port.
  • application-default—The selected services are allowed or denied only on their default ports defined by Palo Alto Networks®. This option is recommended for policies that specify the action because it prevents services from running on unusual ports and protocols which, if unintentional, can be a sign of undesired service behavior and usage.
When you use this option, only traffic on the default port matches the SD-WAN policy rule and has the rule's action enforced. Services running on other ports may still be allowed, depending on the Security policy rule, but they do not match the SD-WAN policy rule, and no SD-WAN policy rule action is taken.
For most services, use application-default to prevent the service from using non-standard ports or exhibiting other evasive behaviors. If the default port for the service changes, the firewall automatically updates the rule to the correct default port. For services that use non-standard ports, such as internal custom services, either modify the service or create a rule that specifies the non-standard ports and apply the rule only to the traffic that requires the service.
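The following added example (not Palo Alto Networks code) is a simplified Python model of the service options described above. It shows which flows receive an SD-WAN rule action and which fall through because they run on a non-default port. The rule names, profile names, default-port table, custom-erp application, and first-match evaluation are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample default ports; real values come from the firewall's
# application definitions, not from this table.
APP_DEFAULT_PORTS = {
    "ssh": {("tcp", 22)},
    "web-browsing": {("tcp", 80)},
    "custom-erp": {("tcp", 7001)},  # hypothetical internal application
}

@dataclass(frozen=True)
class SdwanRule:
    name: str
    applications: frozenset   # specific applications, not categories
    service: object           # "any", "application-default", or a set of (proto, port)
    path_quality_profile: str

def service_matches(rule, app, proto, port):
    if rule.service == "any":
        return True
    if rule.service == "application-default":
        return (proto, port) in APP_DEFAULT_PORTS.get(app, set())
    return (proto, port) in rule.service  # rule lists explicit service ports

def match_rule(rules, app, proto, port):
    """Return the first matching rule, or None when no SD-WAN rule action applies."""
    for rule in rules:
        if app in rule.applications and service_matches(rule, app, proto, port):
            return rule
    return None

# Hypothetical rule base: one application-default rule, one explicit-port rule
# for an internal service that runs on a non-standard port.
RULES = [
    SdwanRule("ssh-default-port", frozenset({"ssh"}), "application-default", "low-latency"),
    SdwanRule("erp-custom-port", frozenset({"custom-erp"}), frozenset({("tcp", 9443)}), "low-loss"),
]

def report(flows, rules=RULES):
    """Map each (app, proto, port) flow to the profile applied, if any."""
    out = {}
    for flow in flows:
        rule = match_rule(rules, *flow)
        out[flow] = rule.path_quality_profile if rule else "no SD-WAN action"
    return out

if __name__ == "__main__":
    sample = [("ssh", "tcp", 22), ("ssh", "tcp", 2222), ("custom-erp", "tcp", 9443)]
    for flow, result in report(sample).items():
        print(flow, "->", result)
```

Flows reported as "no SD-WAN action" are the ones to review: they are either a service on an unexpected port or a legitimate custom service that needs its own explicit-port rule.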
