Prisma SD-WAN
Configure App Acceleration
Table of Contents
Configure App Acceleration
Learn about app acceleration in Prisma SD-WAN.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
App Acceleration directly addresses the causes of poor application
performance and acts in real-time to mitigate them, dramatically improving the user
experience for Prisma SD-WAN users. The primary causes of poor user
experience when accessing apps are dynamic content (content that must be processed
for each user individually, on-demand) and network connectivity issues.
App Acceleration provides you with the following functionality:
Acceleration for top SaaS apps—App Acceleration accelerates dynamic
content to improve the response time of top SaaS apps. It securely and intelligently
prepares the dynamic content that each user needs, before the user requests it.
As a result, App Acceleration dramatically reduces the response time of
applications and the APIs powering them to improve the user experience and boost
productivity.
Network Acceleration—When your users access apps, they can
experience poor app performance that is caused by decreased throughput, which could
be caused by packet loss, degraded wireless connectivity, network congestion, and
other factors. These networking issues can adversely affect the employee experience
and reduce their productivity.
When the internet was conceived, networks were homogenous and wireless
connectivity was in its infancy. Fundamental protocols like TCP were originally
created for these networks. Today, networks are no longer homogenous and wireless
connectivity creates a highly variable user experience. When users experience
degraded network conditions, TCP can't differentiate if the problem occurred because
of device limitations, network limitations, or physical constraints.
Without requiring any changes to your client configuration or applications,
App Acceleration securely builds an understanding of the:
- Device capability—The type of client endpoint
- Network capability—The type of network
- App Context— The type of app being used
Using its understanding of device, network and application context, App
Acceleration maximizes throughput and adjusts in real-time to account for changing
network conditions.
When compared to direct internet access, App Acceleration offers a marked
throughput improvement for TCP traffic when connecting through Prisma SD-WAN.
Prisma SD-WAN supports app acceleration for the following
scenarios.
- App acceleration for stand-alone Prisma SD-WAN
- App acceleration for Prisma SASE
- Network Optimization
- SaaS app acceleration
App acceleration for stand-alone Prisma SD-WAN
- Increased throughput and faster application access through layer 7 & layer 4 application acceleration.
- Self healing fabric ensures consistent user experience, eliminating the need for troubleshooting application performance impacting events.
- Continuous monitoring and performance acceleration for SAAS traffic on direct internet path.
- No additional infrastructure required to enable application acceleration.
App Acceleration for Prisma SASE
- Increased throughput and faster application access through layer 7 & layer 4 application acceleration for both public and private apps.
- Consistent user experience for hybrid/distributed workforce.
- Reduced MTTR through visibility into Real User Metrics, to pinpoint the causes of poor user experience.
- No additional infrastructure required to enable application acceleration.
Network Optimization (TCP Optimization with L4
Acceleration)
Prisma SD-WAN enhances Transmission Control Protocol (TCP)
performance through layer 4 (L4) application acceleration techniques. TCP
optimization involves mechanisms such as congestion control enhancements, selective
acknowledgments, and window scaling, which help mitigate the inefficiencies of
traditional TCP in high-latency and lossy networks.
The traditional TCP stack is agnostic to app context. It can’t infer device
characteristics or analyse if the client is not receiving packets due to a bad
network or because the connection has reached the maximum capacity. It also can’t
tell the difference between packet loss and packet corruption or determine the kind
of application that the user is consuming.
App acceleration’s network stack is enhanced with additional information about:
- Device capability—For example, Windows, Linux, iOS. Hardware optimizations on mobile devices also influence TCP.
- Network capability—For example, WiFi, 4G, 5G which affects Connection health in terms of packet loss, packet corruption, and jitter.
- App context—A near real-time app versus an actual real-time app.
- Latency-sensitive vs. bandwidth-sensitive app (for example, download on SMB, versus file download from Dropbox).
- App Acceleration starts at a higher throughput than standard TCP.
- In adverse network conditions, App Acceleration recovers throughput faster than standard TCP.
- App acceleration creates a packet shaper per user session, and updates it in real-time to account for changing network conditions. This provides the optimal “burst rate” for every session which indicates that the highest number of packets are sent to the client without slowing down the client.
By dynamically adjusting TCP parameters, Prisma SD-WAN minimizes
retransmissions and improves throughput for critical applications. This optimization
is especially beneficial for SaaS applications, cloud-hosted workloads and internet
applications, where long-distance connections and unpredictable network conditions
can degrade performance. The result is a more responsive and efficient application
experience, reducing delays and improving end-user productivity.
Learn how to configure app acceleration for network optimization.
Layer 7 (L7) Application Acceleration: Enhancing Application
Performance
SaaS application acceleration in Prisma SD-WAN is designed to enhance
application performance, reduce latency, and optimize API interactions using
advanced caching, connection management, and intelligent pre-fetching techniques. By
leveraging predictive AI/ML algorithms, and real-time optimizations, this solution
ensures seamless content delivery for web applications and SaaS platforms.
Intelligent API Prefetching for Seamless Data Delivery
- Predictive caching for personalized content: Leverages AI/ML-driven predictive caching to anticipate user needs based on historical behavior, ensuring faster access to frequently requested data.
- Programmed API Prefetching for dynamic content: Acceleration nodes are configured to prefetch SaaS application content, significantly improving response times and user experience, with no manual intervention required.
Learn how to configure app acceleration for SaaS applications.
Configure app acceleration
App acceleration is applied for application traffic originating from a branch site
when a performance policy rule is created with the action App
Acceleration.
Applications are accelerated over the direct internet
path only.
- Enable app acceleration for a tenant globally.
- Select .Select Enabled for Prisma SD-WAN.This enables app acceleration across all the Prisma SD-WAN branch sites in the tenant and network optimization is automatically enabled for all TCP apps.For app optimization, follow the steps below and select the business critical applications that needs to be accelerated.
- For SaaS app acceleration, upload a trusted certificate in the Certificate Management Page section.
![]()
Prisma SD-WAN supports PEM and PKCS#12 formats for certificates.- Ensure that the certificate that will be used for App Acceleration is distributed to all client machines.
- If required, upload the root CA for App Acceleration and select your apps, as App Acceleration creates the domain-specific certificates per app. You can still use the apps while the certificates are being created and enable App Acceleration globally, but do not enable App Acceleration at the per-app level or the clients may receive an SSL error.
- Exclude any client segments in performance policy using network contexts where the certificate store cannot be controlled, for example, guest traffic.
- In the Accelerated Apps section, select the apps that you want to accelerate by toggling the Accelerated button for the application.
Verify that app acceleration is enabled for a site.- Select and select a site.Check that the App Acceleration icon is displayed on the Site Summary page.
![]()
(Optional) Disable app acceleration for a site.- Select and select a site.On the Configuration tab, App Acceleration is enabled by default for all sites when App acceleration is enabled at the tenant level.
![]()
You can choose to enable or disable app acceleration for a site by toggling the App Acceleration button.Configure app acceleration as an action in a performance policy rule.- Select .Select the Rule Type as App/Network SLA and select Action as App Acceleration.Add a path filter for Direct-Internet.Add the rule to a performance policy stack and bind the stack to a site.Ensure that the path policy rule for the application has the path as Direct on Any Public.
Viewing App Acceleration Statistics
View the different types of statistics generated for app acceleration that help in analysis and troubleshooting. - Select and select a site.For a site, select Site Summary.In the Applications section, select View All Flows.
![]()
Select an SRC to view the flow details.![]()
Select App Acceleration Info to view the app acceleration parameters for a flow.![]()
App Acceleration Data Interpretation Item Description Cloud Availability Zone Displays the cloud availability zone (us-west1), indicating that the app acceleration nodes for this branch site are located in the us-west1. Connect Time Displays the time taken to establish the connection. (122 ms (milliseconds)). RTT Variance Displays the fluctuation in the round-trip time (RTT). End RTT Displays the final round-trip time after the connection was established (127 ms). Connection Duration Displays the time for which the connection lasted (21 s). Bytes In Displays the number of bytes received by the server from the client (810 bytes). This is quite small as compared to the outbound data, which indicates a mostly one-way data flow from the server to the client. Bytes Out Displays the number of bytes sent by the server to the client (104,887,300 bytes). This is a large volume of outbound data, which indicates that the server is sending large files or streaming significant data to the client. Throughput In Displays the rate at which data is coming into the server (0.81 bits/21 sec). This is an extremely low throughput rate, suggesting that very little data was sent from the client to the server, which aligns with the low Bytes In value. Throughput Out Displays the rate at which data is being sent from the server to the client (104,887.3 bits/21 sec). This is much higher than the inbound throughput, reflecting that most of the data transfer was outbound from the server. Begin Congestion Window Displays the congestion window size at the start of the connection (100 bytes). The congestion window controls the flow of data, allowing only a certain amount of unacknowledged data to be sent before waiting for acknowledgment. It is a common starting point for TCP connections.End Congestion Window Displays the congestion window size towards the end of the connection. The congestion window increased to 951 bytes by the end of the connection. This indicates that the network was able to handle more data over time, probably due to better conditions and successful acknowledgment of previously sent packets.This enhancement is due to the network app acceleration feature provided by Prisma SD-WAN.Related CLIs
- debug performance policy
- inspect flow details
- inspect performance policy fec status
- inspect performance policy hits analytics
- inspect performance policy incidents
- inspect performance policy lookup
- dump app accel keys
- dump app accel status
- dump flow
- dump interface config
- dump performance policy config policy rules
- dump performance policy config policy sets
- dump performance policy config policy set stacks
- dump performance policy config threshold profile
