>
    Strata Copilot
    Configure a Site Protection Profile
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma SD-WAN
    3. Prisma SD-WAN Administrator’s Guide
    4. Prisma SD-WAN Sites and Devices
    5. Set Up Sites
    6. Configure a Site Protection Profile
    Download PDF
    Prisma SD-WAN

    Configure a Site Protection Profile

    Table of Contents

    Configure a Site Protection Profile

    Prisma SD-WAN allows to configure site protection profile where you can define the flow limit threshold.
    Where Can I Use This?What Do I Need?
    • Prisma SD-WAN (Managed by Strata Cloud Manager)
    • Prisma SD-WAN
    The Site Protection Profile (SPP) module for ION devices mitigates risks associated with unchecked network flow generation. This feature allows you to actively measure and throttle the number of active flows per source IP address. This prevents a single entity from degrading network performance for all legitimate users.
    This feature is supported on all hardware ION devices and virtual ION devices. When a SPP key's flow count exceeds a pre-defined threshold (ranging from 1% to 100% of the total concurrent flow limit), the system generates a FLOW_LIMIT_PER_SOURCE_EXCEEDED incident.
    Scan-app flows, multicast traffic, and ION device self-generated traffic are exempt from flow throttling.
    You configure the SPP on ION devices using Strata Cloud Manager. For High Availability (HA) configurations, you must configure each device individually.
    1. Log in to Strata Cloud Manager. Select ConfigurationPrisma SD-WANProfiles and Templates and then select Site Protection.
    2. Enter a Name and (Optional) Description, and add Tags. Add Flow Limit Threshold(%), the threshold ranges from 1 to 100 percent of the total flow limit. You can define this threshold based on the ION device concurrent flows.
    3. Click Submit to save your changes.

    © 2026 Palo Alto Networks, Inc. All rights reserved.