Configure System Application Overrides
System applications are applications that are defined, managed, and maintained by Prisma SD-WAN. These applications are pre-loaded and continuously updated in your system. Prisma SD-WAN allows users to customize system applications by configuring overrides. The values defined will override the default values defined in the system. System Application attributes that you may customize include application category, ingress traffic, connection idle timeout, transfer type, and path affinity. To configure system application overrides:
- On the Prisma SD-WAN web interface, select eitherStacked PoliciesorPolicies (Original)and clickApps.
- Select a system application and from the ellipsis menu, selectAdd Override.
- (Optional)From theCategorydrop-down, select a category to override the existing category for a given application.
- (Optional)From thePath Affinitydrop-down, selectStrictorNone.Strict—If a path selected for a client session is available within policy, subsequent application sessions from the same client for this application will adhere to the originally-selected path.None—It is the opposite of strict. Each subsequent client session will be free to take any path allowed by policy as long as that path is available within the service level agreement (SLA).
- (Optional)From theTransfer Typedrop-down, select transfer type asTransactional,Bulk,Real-Time Audio, orReal-Time Video.
- SelectUse Parent App Network Policy, where child applications use the network policies of their parent applications.This functionality is disabled by default and is currently available only for Google applications.
- (Optional)Enter a percentage value forIngress Traffic Capacity.This value indicates application traffic characteristics with respect to ingress. If an application takes longer to download, configure a higher value for ingress traffic percentage.
- (Optional)Enter a value in seconds forConnection Idle Timeout.The new value will be applicable for new flows, while existing flows will continue to use the old timeout value. If the ION device does not see a flow termination sequence for a given flow and there is no activity on the flow, then the ION device will delete its internal flow state after the configured idle timeout.
- SelectUnreachability Detectionto monitor applications for reachability.Application reachability is used to determine if a given application is reachable on a given path. This information is useful when making path selection decisions. If an application is unreachable on a given path, then that path is not used. If all paths are marked unreachable, then one of the active paths, as defined in application path policy is selected.The ION device continuously monitors communication between clients (on the LAN side) and servers (on the WAN side). If the ION device determines that a server is not responding to a client's messages on a given path, it triggers the application reachability feature. The ION device actively probes the server on that path to ensure that the server is reachable and responding.The ION device monitors communication only for the TCP flows initiated from the LAN side of the ION device. All TCP applications have the unreachability detection feature enabled by default. When adding a system application override, this feature can be disabled optionally. If no value is selected for this field, then the unreachability detection feature remains enabled for this application.
- Save & Exit.
Recommended For You
Recommended videos not found.