Focus

Performance Policy Default Behavior

Table of Contents

Filter

Expand All | Collapse All

Prisma SD-WAN Docs

Administration
Deployment
Incidents & Alerts
CloudBlades
Version
- AWS Transit Gateway
- Azure vWAN
- Azure vWAN with vION
- ChatBot for MS Teams
- ChatBot for Slack
- CloudBlades Integration with Prisma Access
- GCP NCC
- Service Now
- Zoom QSS
- Zscaler Internet Access
Reference
Release Notes
Version
- ION 5.2
- ION 5.3
- ION 5.4
- ION 5.5
- ION 5.6
- ION 6.0
- ION 6.1
- ION 6.2
- ION 6.3
- ION 6.4
- New Features Guide
- On-Premises Controller
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
- Prisma SD-WAN CloudBlades

Prisma SD-WAN Performance Policy

Add Performance Policy Stack

Performance Policy Default Behavior

List all the default behavior for Performance Policy

Where Can I Use This?	What Do I Need?
Prisma SD-WAN	Active Prisma SD-WAN license. Physical and virtual ION devices running software version 6.3.1 and higher.

The system automatically assigns a default policy stack to a site as part of the default policy configuration. You can't remove the default set from the default stack, the default rules from the set, or the default threshold profile from the rules. Your ability to make changes be limited to editing the actions and thresholds for default policy rules. After you configure a rule, it takes precedence over the default rules based on the order of rules. The default values for media apps are set at latency = 150 ms, packet loss = 2%, and jitter = . For all other Apps, default values are latency = 500 ms, packet loss = 5%, and jitter = 100 ms.

After upgrading an ION device to version 6.3.1 or higher, the system automatically applies the following three default performance policy rules to the site.

Default Performance Policy Rule for Action Visibility
- Intent: This rule uses the Performance SLA (Latency: 150 ms, Packet Loss: 2%, Jitter: 75 ms) to control the threshold lines available under MonitorBranch Sites Prisma SD-WAN > {Site Name}{Circuit Name}{Secure Fabric}.
- Action: Visibility
- Performance SLA: Default performance SLA for media apps.
  - Latency: 150
  - Packet Loss: 2
  - Jitter: 75
Default Performance policy rule for All Media Apps
- Intent: This rule attempts to utilize an active path (as listed in the path policy) that meets the conditions of the performance SLA (Latency: 150 ms, Packet Loss: 2%, Jitter: 75 ms), for Audio and Video media apps. If no active paths are compliant, it will use the backup paths.
- Action: Move Flows
- Performance SLA: Default performance SLA for media apps.
  - Latency: 150
  - Packet Loss: 2
  - Jitter: 75
- App Filters: Audio, Video (Transfer Type).
Default Performance Policy Rule for All Apps
- Intent: This rule attempts to utilize an active path (as listed in the path policy) that meets the conditions of the performance SLA (Latency: 500 ms, Packet Loss: 5%, Jitter: 100 ms), for bulk and transactional apps. If no active paths are compliant, it will use the backup paths.
- Action: Move Flows
- Performance SLA: Default performance SLA for media apps.
  - Latency: 500
  - Packet Loss: 5
  - Jitter: 100
- App Filters: Transactional, Bulk (Transfer Type).
You can edit the default policy SLAs to customize Prisma SD-WAN according to the specific requirements of your network. Default rules are not editable, only the default SLAs can be edited.

Default Service Health Probe Behavior

After upgrading an ION device to version 6.4.1 or higher, the system automatically applies the following three default service health probes to each circuit:

If you were an existing customer at the time of the 6.4.1 controller upgrade (April 2024), the service health probes will be created, attached to the default probe profiles, which are bound to the appropriate (nonmetered) circuit categories but, in a disabled state. The default service probes can be enabled globally for each of the three probes under ManagePrisma SD-WANResourcesProbesProbe Config. If your tenant was created after the 6.4.1 controller upgrade, then the three default service health probes will be enabled for the nonmetered circuit categories and no further action is required.

Default Service Probe for CloudFlare DNS ICMP

Probe Name: CloudFlare DNS ICMP Response
Intent: ICMP response for CloudFlare DNS is used to measure general internet network conditions across all paths. This probe should be used as an SLA input for general internet-destined traffic.
IP Address: 1.1.1.1
Protocol: ICMP
Probe Cycle Duration: 10 seconds
Probe Count: 2
Probe Path: Direct, Prisma SD-WAN VPN, Standard VPN

Default Service Probe for MS Teams ICMP Response

Probe Name: MS Teams ICMP Response
Intent: ICMP response for Microsoft Teams is used to measure the specific network conditions for Microsoft Teams across all paths. This probe should be used as an SLA input for Microsoft Teams traffic.
FQDN/URL: teams.microsoft.com
Protocol: ICMP
Probe Cycle Duration: 10 seconds
Probe Count: 2
Probe Path: Direct, Prisma SD-WAN VPN, Standard VPN

Default Service Probe for Google G-suite ICMP Response

Probe Name: Google G-Suite ICMP Response
Intent: ICMP response for Google G-Suite is used to measure the specific network conditions for the Google Productivity suite across all paths. This probe should be used as an SLA input for Google traffic.
FQDN / URL: apps.google.com
Protocol: ICMP
Probe Cycle Duration: 10 seconds
Probe Count: 2
Probe Path: Direct, Prisma SD-WAN VPN, Standard VPN

Prisma SD-WAN Performance Policy

Add Performance Policy Stack

Prisma SD-WAN Docs

Performance Policy Default Behavior

Prisma SD-WAN Docs

Performance Policy Default Behavior

Default Service Health Probe Behavior

Activation & Onboarding

SASE

Visibility & Monitoring

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

Prisma SD-WAN Integration

Prisma SD-WAN Experts Corner

Best Practices