Configure Device Initiated Connections for Circuits

Learn more about the Configure device initiated connections for circuits in Prisma SD-WAN.
Prisma SD-WAN ION devices initiate multiple connections to the controller for various services such as Message Routing Layer (MRL) service, statistics, flows, logs, and remote access of device toolkit. For services connecting to the controller using random paths or interfaces, you can exclude certain interfaces or paths from being used for these services. For example, an expensive metered LTE circuit is used as a last resort interface to maintain connectivity to the controller.
In addition, ION devices generate application reachability probes when an application or prefix is unreachable for a particular path. However, if a particular circuit is to be used as a path of last resort only, then the amount of non end-user traffic going over that specific circuit should be minimized. You can exclude certain circuits and circuit categories from being used for device initiated connections by using the Use for controller connections and Use for application probes options.
You can prioritize ION device interfaces use for device initiated connections in the order of first controller port interface, LAN port, any interface which does not have a label attached, but has an IP address, and then interfaces with circuit labels attached. The order of preference is based on the cost of a circuit. A circuit with a higher cost has a lower preference for device to controller connections.
  1. From
    Map
    Sites
    , select a site and click
    Summary
    .
  2. Click
    Change Circuits
    for either
    Internet Circuits
    or
    Private WAN Circuits
    .
  3. Click
    Edit
    below the circuit name.
  4. On the
    Circuit Information
    screen, select Yes for
    Controller Connections
    , only if using the circuit for connecting to the controller for device related services.
    Select No, if this circuit is to be excluded from connecting to the controller for device related services such as metered LTE circuits.
    Select
    Use Circuit Category Setting
    for selecting the configuration from the Circuit Category.
  5. Select Yes for
    App Reachability Probes
    , only if using the circuit for checking the reachability of an application for a given path.
    Select No, if this circuit is to be excluded from checking the reachability of an application for a given path such as metered LTE circuits. Select
    Use Circuit Category Setting
    for selecting the configuration from the Circuit Category.
  6. Click
    Done
    .
    A
    DEVICESW_INITIATED_CONNECTION_ON_EXCLUDED_PATH
    alarm is generated when a device initiated controller connection is established using an excluded interface or path. The lack of an available interface or path has forced the connection on an excluded path or interface as a last resort.

Recommended For You