Prisma SD-WAN Administrator’s Guide
    : Minimize Metered LTE Usage
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma SD-WAN
    4. Prisma SD-WAN Administrator’s Guide
    5. Prisma SD-WAN Stacked Policies
    6. Add a Path Policy Rule
    7. Minimize Metered LTE Usage
    Download PDF

    Prisma SD-WAN Administrator’s Guide

    Minimize Metered LTE Usage

    Table of Contents

    Minimize Metered LTE Usage

    See how to Minimize Metered LTE Usage in Prisma SD-WAN.
    Where Can I Use This?What Do I Need?
    • Prisma SD-WAN
    • Active Prisma SD-WAN license
    You can configure Prisma SD-WAN to minimize the use of metered backup links and leverage the use of LTE links when other active paths are not available. Use the following workflow for ensuring flexibility and agility at a lower cost by sending data over metered links for business continuity only when the primary connection is unavailable.
    1. Modify the LTE circuit settings to minimize metered usage.
      1. Select WorkflowsSitesSelect a siteInternet CircuitsChange Circuits(Metered 3G/4G/LTE Circuit Category) CircuitEdit.
      2. Minimize traffic over the LTE circuit.
        • Clear BW Monitoring.
        • Clear LQ Monitoring.
        • Select the BFD Mode.
          • For devices running versions 5.3.x or earlier versions, select Non-aggressive as the BFD Mode because these versions do not support VPN keep-alives.
          • For devices running 5.4.1 or later versions, select Override VPN Keep-Alive and set the Keep-Alive Interval to 600,000 ms.
        • Set Cost to 129 to lower the preference for the circuit.
        • Select No for Controller Connections to exclude this circuit from connecting to the controller for device-related services.
        • Select No for App Reachability Probes to exclude this circuit from checking the reachability of an application for a given path.
    2. Modify the circuit category settings to minimize metered LTE usage.
      1. Select ManageResourcesCircuit Categories.
      2. Edit the Metered 3G/4G/LTE circuit category.
        You can select any circuit category to modify for minimizing metered LTE usage but use the metered 3G/4G/LTE circuit category for optimum settings.
        In less common cases, you can use metered private links. For example, metered LTE links can be terminated into a private network versus the public internet. In this case, you can use a Private circuit category instead of a Public circuit category.
      3. Clear the Use For Controller Connections check box to minimize the amount of data sent over that path to the controller.
      4. Clear the Use For Application Reachability Probes check box to reduce the amount of non-user application traffic over metered circuits.
        This should ONLY be done if this circuit category is referenced as an L3 failure path in the path policy rule, as this will effectively ensure that the ION device does not react to layer 7 failures for application flows on this circuit.
      5. Set the Keep-Alive Interval to 600,000 ms.
    3. Configure a path policy rule to minimize metered LTE usage.
      1. Select ManagePoliciesPathPath StacksAdvancedPath SetsSelect a SetAdd Rule/Edit Rule.
      2. On the Paths tab, select Metered 3G/4G/LTE as the Circuit Category under L3 Failure Paths.
        This is applicable for devices running versions 5.2.1 or higher.
        For devices running versions 5.2.1 or earlier and have traffic going through a Prisma SD-WAN VPN across a metered link, set the Backup Overlay to VPN and the Circuit Category to Metered 3G/4G/LTE Internet in the path policy rule.
    4. Verify the policy configuration.
      Path policies control application session forwarding behavior at a site level. Path policies can specify broad actions as well as specific actions per application. This can include specific paths defined as Active, Backup, or L3 Failure Paths in the policy.
      1. Review paths configured in policy rules.
        • Active Paths—These should include very specific circuit category definitions. For example, for traffic intended to traverse a VPN across an Internet DSL link, the active path overlay should be VPN and the circuit category should be Internet DSL.
        • Backup Paths—These should include very specific Circuit Category definitions. In many cases, it may be desirable to limit Backup Path usage only for critical applications. This is determined on a case-by-case basis as this can vary by vertical and the primary line of business at the location. For these cases, the use of Advanced Stacked Policies is recommended. This will allow for hierarchical policy inheritance with exceptions where needed by the business.
        • L3 Failure Paths—For ION devices running versions 5.2.1 and higher, the L3 Failure Paths are built for Metered LTE circuits.
      2. Review the path policy set stacks bound to a site.
        Select ManagePoliciesBindings to view the path policy set stack bound to a site. The path policy set stacks and the order of the policy sets in the stack are bound to a site.

    © 2024 Palo Alto Networks, Inc. All rights reserved.