Configure System Application Overrides

System applications are applications that are defined, managed, and maintained by Prisma SD-WAN. These applications are pre-loaded and continuously updated in your system. Prisma SD-WAN allows users to customize system applications by configuring overrides. The values defined will override the default values defined in the system. System Application attributes that you may customize include application category, ingress traffic, connection idle timeout, transfer type, and path affinity. To configure system application overrides:
  1. On the Prisma SD-WAN web interface, select either
    Stacked Policies
    Policies (Original)
    and click
  2. Select a system application and from the ellipsis menu, select
    Add Override
  3. (Optional)
    From the
    drop-down, select a category to override the existing category for a given application.
  4. (Optional)
    From the
    Path Affinity
    drop-down, select
    —If a path selected for a client session is available within policy, subsequent application sessions from the same client for this application will adhere to the originally-selected path.
    —It is the opposite of strict. Each subsequent client session will be free to take any path allowed by policy as long as that path is available within the service level agreement (SLA).
  5. (Optional)
    From the
    Transfer Type
    drop-down, select transfer type as
    Real-Time Audio
    , or
    Real-Time Video
  6. Select
    Use Parent App Network Policy
    , where child applications use the network policies of their parent applications.
    This functionality is disabled by default and is currently available only for Google applications.
  7. (Optional)
    Enter a percentage value for
    Ingress Traffic Capacity
    This value indicates application traffic characteristics with respect to ingress. If an application takes longer to download, configure a higher value for ingress traffic percentage.
  8. (Optional)
    Enter a value in seconds for
    Connection Idle Timeout
    The new value will be applicable for new flows, while existing flows will continue to use the old timeout value. If the ION device does not see a flow termination sequence for a given flow and there is no activity on the flow, then the ION device will delete its internal flow state after the configured idle timeout.
  9. Select
    Unreachability Detection
    to monitor applications for reachability.
    Application reachability is used to determine if a given application is reachable on a given path. This information is useful when making path selection decisions. If an application is unreachable on a given path, then that path is not used. If all paths are marked unreachable, then one of the active paths, as defined in application path policy is selected.
    The ION device continuously monitors communication between clients (on the LAN side) and servers (on the WAN side). If the ION device determines that a server is not responding to a client's messages on a given path, it triggers the application reachability feature. The ION device actively probes the server on that path to ensure that the server is reachable and responding.
    The ION device monitors communication only for the TCP flows initiated from the LAN side of the ION device. All TCP applications have the unreachability detection feature enabled by default. When adding a system application override, this feature can be disabled optionally. If no value is selected for this field, then the unreachability detection feature remains enabled for this application.
  10. Save & Exit

Recommended For You