In the Source tab of the SD-WAN policy rule configuration window,
define the source zones, source addresses, and source users that
identify the incoming packets to which the SD-WAN policy applies.
To specify a source zone, select
select one or more zones, or select
multiple zones can simplify management. For example, if you have
three branches in different zones and you want the remaining match
criteria and path selection to be the same for the three branches,
you can create one SD-WAN rule and specify the three source zones
to cover the three branches.
Only Layer 3 type zones
are supported for SD-WAN policy rules.
To specify source addresses,
addresses or external dynamic lists (EDL), select from the drop-down,
and create a new address
object. Alternatively, select
To specify certain users, select
type then indicates
) and enter a user,
list of users, or groups of users. Alternatively, select a type
any user, regardless of user data.
—Includes remote users who
are connected to the network using GlobalProtect™, but are not logged
into their system. When the Pre-logon option is configured on the
Portal for GlobalProtect apps, any user who is not currently logged
into their machine will be identified with the username pre-logon.
You can then create policies for pre-logon users and although the
user is not logged in directly, their machines are authenticated
on the domain as if they were fully logged in.
—Includes all authenticated
users, which means any IP address with user data mapped. This option
is equivalent to the “domain users” group on a domain.
—Includes all unauthenticated
users, which means IP addresses that are not mapped to a user. For
example, you could select
access to something because they will have an IP address on your
network, but will not be authenticated to the domain and will not
have IP address-to-user mapping information on the firewall.
the firewall collects user information from a RADIUS, TACACS+, or
SAML identity provider server and not from the User-ID™ agent, the
list of users does not display; you must enter user information