https://live.paloaltonetworks.com/t5/next-generation-firewall/sd-wan-traffic-control-from-the-hub-side/m-p/997531#M5206 <P>Good Day</P> <P>&nbsp;</P> <P>I am not sure which version of the SDWAN solution (PanOS vs Prisma SDWAN) you are using, so I am presuming PANOS SDWAN, else you would have mentioned IONs and SCM configurations.</P> <P>&nbsp;</P> <P>I did not hear mention of the required Panorama and SDWAN licensing in your query.&nbsp; I presume the SDWAN licensing has been utilized.</P> <P>Can you just confirm that Panorama is also part of the solution, so push down the configurations from the Panorama to the FWs (both HuB and Branch sites)</P> <P>&nbsp;</P> <P>If you have 3 uplinks of various speeds, the SDWAN configurations (presuming you are using Panorama with current SDWAN plugin) and FWs with the correct SDWAN licensing, should utilize the expected feature that the best link should be used in communicating from Branch to Hub.&nbsp; How much Hub-sourced to Branch-destined traffic is occurring.</P> <P>&nbsp;</P> <P>You may want to speak with your local PANW Domain Consultant (formerly SEs) to further assistance.</P> <P>&nbsp;</P> Tue, 10 Dec 2024 20:30:24 GMT S.Cantwell 2024-12-10T20:30:24Z https://live.paloaltonetworks.com/t5/next-generation-firewall/sd-wan-traffic-control-from-the-hub-side/m-p/996955#M5179 <P>Hi Guys,</P> <P><BR />our Palo Alto on the HUB side is equipped with a single 10G uplink interface. On the Spoke side, there are three uplinks with varying bandwidths, and in this setup, the Panorama SD-WAN plugin generates three IPsec tunnels. I can manage traffic from the Spoke to the HUB using SD-WAN Rules and Traffic Distribution Profiles.</P> <P>However, is it possible to control traffic from the HUB to the Spoke? Currently, traffic is evenly distributed across all three links. This causes issues, as a link with very low bandwidth is also used, leading to congestion and degraded performance.<BR /><BR />Best regards<BR />&nbsp;Dirk</P> Fri, 06 Dec 2024 12:23:14 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/sd-wan-traffic-control-from-the-hub-side/m-p/996955#M5179 D.Henze 2024-12-06T12:23:14Z https://live.paloaltonetworks.com/t5/next-generation-firewall/sd-wan-traffic-control-from-the-hub-side/m-p/997531#M5206 <P>Good Day</P> <P>&nbsp;</P> <P>I am not sure which version of the SDWAN solution (PanOS vs Prisma SDWAN) you are using, so I am presuming PANOS SDWAN, else you would have mentioned IONs and SCM configurations.</P> <P>&nbsp;</P> <P>I did not hear mention of the required Panorama and SDWAN licensing in your query.&nbsp; I presume the SDWAN licensing has been utilized.</P> <P>Can you just confirm that Panorama is also part of the solution, so push down the configurations from the Panorama to the FWs (both HuB and Branch sites)</P> <P>&nbsp;</P> <P>If you have 3 uplinks of various speeds, the SDWAN configurations (presuming you are using Panorama with current SDWAN plugin) and FWs with the correct SDWAN licensing, should utilize the expected feature that the best link should be used in communicating from Branch to Hub.&nbsp; How much Hub-sourced to Branch-destined traffic is occurring.</P> <P>&nbsp;</P> <P>You may want to speak with your local PANW Domain Consultant (formerly SEs) to further assistance.</P> <P>&nbsp;</P> Tue, 10 Dec 2024 20:30:24 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/sd-wan-traffic-control-from-the-hub-side/m-p/997531#M5206 S.Cantwell 2024-12-10T20:30:24Z https://live.paloaltonetworks.com/t5/next-generation-firewall/sd-wan-traffic-control-from-the-hub-side/m-p/998038#M5220 <P>Hi,</P> <P>Thank you very much.</P> <P>You are absolutely correct; we are using PANOS SD-WAN, and the SD-WAN licensing has been utilized.<BR />I can also confirm that we exclusively use the Panorama SD-WAN configuration.</P> <P>The communication from the branch side works as expected. However, I am unable to control the traffic flow from the hub to the branch side.<BR />It seems that traffic from the hub to the branch side is distributed in a round-robin fashion across all three tunnel interfaces.</P> Thu, 12 Dec 2024 11:32:19 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/sd-wan-traffic-control-from-the-hub-side/m-p/998038#M5220 D.Henze 2024-12-12T11:32:19Z