Monitor SD-WAN Application and Link Performance

Monitor your VPN clusters by viewing the health status of applications and links.
Monitor the application and link performance in your VPN clusters to troubleshoot issues by viewing summary information across all VPN clusters and then successively drilling down to isolate the issues to affected sites, applications, and links. Visibility on SD-WAN traffic is shown on the SD-WAN firewall receiving the traffic. For example, for traffic from the hub firewall to the branch firewall, the SD-WAN monitoring data is reflected on the branch firewall. The landing dashboard displays:
  • App Performance
    • Impacted
      —One or more applications in the VPN cluster for which none of the paths have jitter, latency, or packet loss performance that meet the specified thresholds in the Path Quality Profile in the list of paths from which the firewall can choose.
    • OK
      —Number of VPN clusters, hubs, and branches that are experiencing no jitter, latency, or packet loss performance issues.
  • Link Performance
    • Error
      —One or more sites in the VPN cluster have connectivity issues such as when a tunnel or a virtual interface (VIF) is down.
    • Warning
      —Number of VPN clusters, hubs, and branches that have links with jitter, latency, or packet loss performance measurements that exceed the moving seven-day average value of the metric.
    • OK
      —Number of VPN clusters, hubs, and branches that are experiencing no jitter, latency, or packet loss performance issues.
If a hub or branch firewall have an SD-WAN policy rule configured with Forward Error Correction, an
Error Correction Initiated
message is displayed to notify you that the hub or branch firewall detected and corrected errors in transmitted data for an application.
SD-WAN hubs display
Error Correction Initiated
only if traffic originated from the SD-WAN hub to the SD-WAN branch and matched an SD-WAN policy rule with an error correction profile attached.
From the landing dashboard, narrow the view to impacted applications or links that have the Error or Warning status. Then select an affected site to view site-level details. From the site, view application-level or link-level details.
See Monitor Prisma Access Hub Application and Link Performanceto monitor application and link performance for Prisma Access hubs.
If no data is present or the screen indicates that SD-WAN is undefined, check in the Compatibility Matrix that the Panorama release you are using supports the SD-WAN plugin release you are trying to use.
  1. Select
    Panorama
    SD-WAN
    Monitoring
    to view at-a-glance health status summaries of your VPN clusters, hubs, and branches.
  2. Click an App Performance or Link Performance summary that indicates Impacted, Error, or Warning counts to view a detailed list of sites and their status based on latency, jitter, and packet loss.
  3. Click a site that displays Warning or Error to see one VPN cluster. The site data display App Performance and Link Performance, including the impacted applications. Additionally, use the Sites filter to view VPN clusters based on link notifications, latency deviations, jitter deviations, packet loss deviations, or impacted applications.
    For SaaS applications over a Direct Internet Access (DIA) link, the
    SaaS Monitoring
    column indicates whether the app is created in a SaaS Quality profile and associated with one or more SD-WAN policy rules.
    • Disabled
      —The app is not a SaaS application configured in a SaaS Quality profile.
    • Enabled
      —The app is a SaaS application configured in a SaaS Quality profile and is associated with a single SD-WAN policy.
    • Multiple
      —The app is a SaaS application configured in a SaaS Quality profile and is associated with a multiple SD-WAN policies.
    If you associated an error correction profile with an SD-WAN policy rule for an application, the
    Error Correction Applied
    columns displays if and what type of error correction was applied. Additionally, you can view the
    Error Corrected Sessions/Impacted Sessions/Total Sessions
    to understand how many sessions were error corrected by the branch or hub firewall out of the total number of sessions for the specified timeframe.
    Click
    PDF/CSV
    to export the detailed health information for the applications and links in the Site in PDF or CSV format
  4. Click the branch or hub that has an application that needs attention.
  5. Click an impacted application to view application-level or link-level details.
    For example, view the link characteristics for an application to understand the latency, jitter and packet loss for the application over the specified link. Additionally, you can view when error correction was applied for the link.

Recommended For You