>
    Configure App Acceleration
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma SD-WAN
    3. Prisma SD-WAN Performance Policy
    4. Add Performance Policy Rules
    5. Configure App Acceleration
    Download PDF
    Prisma SD-WAN

    Configure App Acceleration

    Table of Contents

    Configure App Acceleration

    Learn about app acceleration in Prisma SD-WAN.
    Where Can I Use This?What Do I Need?
    • Prisma SD-WAN
    • Prisma SD-WAN license
    • Physical and virtual ION devices running software version 6.4.2 and higher for network optimization
    • Physical and virtual ION devices running software version 6.5.2 and higher for network optimization and SaaS application acceleration
    • App Acceleration license for Prisma SD-WAN
    App Acceleration directly addresses the causes of poor application performance and acts in real-time to mitigate them, dramatically improving the user experience for Prisma SD-WAN users. The primary causes of poor user experience when accessing apps are dynamic content (content that must be processed for each user individually, on-demand) and network connectivity issues.
    App Acceleration provides you with the following functionality:
    Acceleration for top SaaS apps—App Acceleration accelerates dynamic content to improve the response time of top SaaS apps. It securely and intelligently prepares the dynamic content that each user needs, before the user requests it.
    As a result, App Acceleration dramatically reduces the response time of applications and the APIs powering them to improve the user experience and boost productivity.
    Network Acceleration—When your users access apps, they can experience poor app performance that is caused by decreased throughput, which could be caused by packet loss, degraded wireless connectivity, network congestion, and other factors. These networking issues can adversely affect the employee experience and reduce their productivity.
    When the internet was conceived, networks were homogenous and wireless connectivity was in its infancy. Fundamental protocols like TCP were originally created for these networks. Today, networks are no longer homogenous and wireless connectivity creates a highly variable user experience. When users experience degraded network conditions, TCP can't differentiate if the problem occurred because of device limitations, network limitations, or physical constraints.
    Without requiring any changes to your client configuration or applications, App Acceleration securely builds an understanding of the:
    • Device capability—The type of client endpoint
    • Network capability—The type of network
    • App Context— The type of app being used
    Using its understanding of device, network and application context, App Acceleration maximizes throughput and adjusts in real-time to account for changing network conditions.
    When compared to direct internet access, App Acceleration offers a marked throughput improvement for TCP traffic when connecting through Prisma SD-WAN.
    Prisma SD-WAN supports app acceleration for the following scenarios.
    App acceleration for stand-alone Prisma SD-WAN
    • Increased throughput and faster application access through layer 7 & layer 4 application acceleration.
    • Self healing fabric ensures consistent user experience, eliminating the need for troubleshooting application performance impacting events.
    • Continuous monitoring and performance acceleration for SAAS traffic on direct internet path.
    • No additional infrastructure required to enable application acceleration.
    App Acceleration for Prisma SASE
    • Increased throughput and faster application access through layer 7 & layer 4 application acceleration for both public and private apps.
    • Consistent user experience for hybrid/distributed workforce.
    • Reduced MTTR through visibility into Real User Metrics, to pinpoint the causes of poor user experience.
    • No additional infrastructure required to enable application acceleration.
    Network Optimization (TCP Optimization with L4 Acceleration)
    Prisma SD-WAN enhances Transmission Control Protocol (TCP) performance through layer 4 (L4) application acceleration techniques. TCP optimization involves mechanisms such as congestion control enhancements, selective acknowledgments, and window scaling, which help mitigate the inefficiencies of traditional TCP in high-latency and lossy networks.
    The traditional TCP stack is agnostic to app context. It can’t infer device characteristics or analyse if the client is not receiving packets due to a bad network or because the connection has reached the maximum capacity. It also can’t tell the difference between packet loss and packet corruption or determine the kind of application that the user is consuming.
    App acceleration’s network stack is enhanced with additional information about:
    • Device capability—For example, Windows, Linux, iOS. Hardware optimizations on mobile devices also influence TCP.
    • Network capability—For example, WiFi, 4G, 5G which affects Connection health in terms of packet loss, packet corruption, and jitter.
    • App context—A near real-time app versus an actual real-time app.
    • Latency-sensitive vs. bandwidth-sensitive app (for example, download on SMB, versus file download from Dropbox).
    • App Acceleration starts at a higher throughput than standard TCP.
    • In adverse network conditions, App Acceleration recovers throughput faster than standard TCP.
    • App acceleration creates a packet shaper per user session, and updates it in real-time to account for changing network conditions. This provides the optimal “burst rate” for every session which indicates that the highest number of packets are sent to the client without slowing down the client.
    By dynamically adjusting TCP parameters, Prisma SD-WAN minimizes retransmissions and improves throughput for critical applications. This optimization is especially beneficial for SaaS applications, cloud-hosted workloads and internet applications, where long-distance connections and unpredictable network conditions can degrade performance. The result is a more responsive and efficient application experience, reducing delays and improving end-user productivity.
    Learn how to configure app acceleration for network optimization.
    Layer 7 (L7) Application Acceleration: Enhancing Application Performance
    SaaS application acceleration in Prisma SD-WAN is designed to enhance application performance, reduce latency, and optimize API interactions using advanced caching, connection management, and intelligent pre-fetching techniques. By leveraging predictive AI/ML algorithms, and real-time optimizations, this solution ensures seamless content delivery for web applications and SaaS platforms.
    Intelligent API Prefetching for Seamless Data Delivery
    • Predictive caching for personalized content: Leverages AI/ML-driven predictive caching to anticipate user needs based on historical behavior, ensuring faster access to frequently requested data.
    • Programmed API Prefetching for dynamic content: Acceleration nodes are configured to prefetch SaaS application content, significantly improving response times and user experience, with no manual intervention required.
    Learn how to configure app acceleration for SaaS applications.
    Configure app acceleration
    App acceleration is applied for application traffic originating from a branch site when a performance policy rule is created with the action App Acceleration.
    Applications are accelerated over the direct internet path only.
    1. Enable app acceleration for a tenant globally.
      1. Select WorkflowsApp AccelerationConfiguration.
      2. Select Enabled for Prisma SD-WAN.
        This enables app acceleration across all the Prisma SD-WAN branch sites in the tenant and network optimization is automatically enabled for all TCP apps.
        For app optimization, follow the steps below and select the business critical applications that needs to be accelerated.
        1. For SaaS app acceleration, upload a trusted certificate in the Certificate Management Page section.
          Prisma SD-WAN supports PEM and PKCS#12 formats for certificates.
          • Ensure that the certificate that will be used for App Acceleration is distributed to all client machines.
          • If required, upload the root CA for App Acceleration and select your apps, as App Acceleration creates the domain-specific certificates per app. You can still use the apps while the certificates are being created and enable App Acceleration globally, but do not enable App Acceleration at the per-app level or the clients may receive an SSL error.
          • Exclude any client segments in performance policy using network contexts where the certificate store cannot be controlled, for example, guest traffic.
        2. In the Accelerated Apps section, select the apps that you want to accelerate by toggling the Accelerated button for the application.
    2. Verify that app acceleration is enabled for a site.
      1. Select WorkflowsBranch Sites and select a site.
      2. Check that the App Acceleration icon is displayed on the Site Summary page.
    3. (Optional) Disable app acceleration for a site.
      1. Select WorkflowsBranch Sites and select a site.
        On the Configuration tab, App Acceleration is enabled by default for all sites when App acceleration is enabled at the tenant level.
      2. You can choose to enable or disable app acceleration for a site by toggling the App Acceleration button.
    4. Configure app acceleration as an action in a performance policy rule.
      1. Select ManagePerformance Policies Performance Sets.
      2. Select the Rule Type as App/Network SLA and select Action as App Acceleration.
      3. Add a path filter for Direct-Internet.
      4. Add the rule to a performance policy stack and bind the stack to a site.
        Ensure that the path policy rule for the application has the path as Direct on Any Public.

    Viewing App Acceleration Statistics

    View the different types of statistics generated for app acceleration that help in analysis and troubleshooting.
    1. Select MonitorBranch Sites and select a site.
    2. For a site, select Site Summary.
    3. In the Applications section, select View All Flows.
    4. Select an SRC to view the flow details.
    5. Select App Acceleration Info to view the app acceleration parameters for a flow.
      App Acceleration Data Interpretation
      ItemDescription
      Cloud Availability ZoneDisplays the cloud availability zone (us-west1), indicating that the app acceleration nodes for this branch site are located in the us-west1.
      Connect TimeDisplays the time taken to establish the connection. (122 ms (milliseconds)).
      RTT VarianceDisplays the fluctuation in the round-trip time (RTT).
      End RTTDisplays the final round-trip time after the connection was established (127 ms).
      Connection DurationDisplays the time for which the connection lasted (21 s).
      Bytes InDisplays the number of bytes received by the server from the client (810 bytes). This is quite small as compared to the outbound data, which indicates a mostly one-way data flow from the server to the client.
      Bytes OutDisplays the number of bytes sent by the server to the client (104,887,300 bytes). This is a large volume of outbound data, which indicates that the server is sending large files or streaming significant data to the client.
      Throughput InDisplays the rate at which data is coming into the server (0.81 bits/21 sec). This is an extremely low throughput rate, suggesting that very little data was sent from the client to the server, which aligns with the low Bytes In value.
      Throughput OutDisplays the rate at which data is being sent from the server to the client (104,887.3 bits/21 sec). This is much higher than the inbound throughput, reflecting that most of the data transfer was outbound from the server.
      Begin Congestion Window
      Displays the congestion window size at the start of the connection (100 bytes). The congestion window controls the flow of data, allowing only a certain amount of unacknowledged data to be sent before waiting for acknowledgment. It is a common starting point for TCP connections.
      End Congestion WindowDisplays the congestion window size towards the end of the connection.
      The congestion window increased to 951 bytes by the end of the connection. This indicates that the network was able to handle more data over time, probably due to better conditions and successful acknowledgment of previously sent packets.
      This enhancement is due to the network app acceleration feature provided by Prisma SD-WAN.

    © 2025 Palo Alto Networks, Inc. All rights reserved.