Use Case: Configure SaaS Monitoring for a Branch Firewall
Configure SaaS monitoring for an SD-WAN branch firewall
with a Direct Internet Access (DIA) link to a business-critical
If your organization is leveraging a business-critical
SaaS application at a branch firewall location, you can configure
a SaaS Quality profile and associate it with a SD-WAN policy rule
to monitor the latency, jitter, and packet loss health metrics of the
critical SaaS application and swap links from an SD-WAN branch firewall
to a SaaS application on a Direct Internet Access (DIA) link to
ensure application usability.
If the business-critical SaaS
application DIA link health metric thresholds are exceeded, the
link is swapped to the next DIA link configured in the Traffic Distribution
profile for all new sessions. The existing session on the degraded
DIA link is not swapped over to the next DIA link.
Create multiple Link Tags for your DIA links in order to
apply different SD-WAN monitoring settings for each SaaS application
DIA link based on the link type.
Additionally, you can create
a single Link Tag for multiple DIA links to group the links into
a single link bundle. Creating a single Link Tag for multiple DIA
links allows you to aggregate bandwidth between bundled links and
allow the firewall to distribute sessions between multiple links.
Configure an SD-WAN
Interface profile to define the characteristics of your ISP connection
and specify the speed of the DIA link, how frequently the branch
firewall monitors the link, and select the Link Tag to specify to
which link the SD-WAN Interface profile applies.
If you created multiple Link Tags, you must configure an SD-WAN
Interface profile for each Link Tag.
If you created a link bundle by assigning multiple DIA
links to a single Link Tag, specifying that link tag applies the
SD-WAN Interface profile settings to all DIA links in the bundle.
The firewall virtual router uses this virtual SD-WAN interface
to route SD-WAN traffic to a DIA location. The SD-WAN path health
and Traffic Distribution profiles in the SD-WAN policy rule then
determine which path to use and the order in which to consider new
paths if a path health deteriorates.
Create a Path Quality
profile to configure the latency, jitter, and packet loss thresholds
and sensitivity in order to specify when the branch firewall should swap
to the next DIA link.