https://live.paloaltonetworks.com/t5/next-generation-firewall/traffic-distribution-methodology/m-p/520079#M533 <P>We have 35 PA firewalls all using SD-WAN and have (typically) the following configuration for WAN connections...</P> <P>&nbsp;</P> <P>100M TC4 Internet</P> <P>20M TC2 Internet (best quality)</P> <P>5G Cellular Internet (always on)</P> <P>&nbsp;</P> <P>We have the following traffic distribution profiles...</P> <P>&nbsp;</P> <P>Critical Traffic - TC2, TC4, Cellular (top down priority)</P> <P>Standard Traffic - TC4, TC2, Cellular (top down priority)</P> <P>&nbsp;</P> <P>Critical traffic is used for voice and internal web traffic, as well as AD services (dns, kerberos, ldap).&nbsp; Standard traffic is used for anything else.</P> <P>&nbsp;</P> <P>We have seen large amounts of traffic (approx. 400G/month) across the Cellular services.&nbsp; I have done further inspection and not seen any failure of TC4 or TC2 services that correspond with dates when there are large amounts of traffic shown on the Cellular equipment.&nbsp; Whilst the cellular service is an 'always on' (not dial on demand) the equipment provider (Cradlepoint) indicated keepalive/management traffic should be well les than 1G per day.<BR /><BR /><BR /></P> <P>As noted, the priority is a 'top down' configuration.&nbsp; The best path for traffic is not necessarily the highest bandwidth.</P> <P>&nbsp;</P> <P>Q:&nbsp; What constitutes going to the next path in the selection order?</P> <P>Q:&nbsp; Is top down the best approach?</P> <P>Q:&nbsp; If not, what would the best approach be to ensure only fixed line services are used unless there is a total failure of both fixed line services?</P> <P>Q:&nbsp; Should the above be used in conjunction with either/or/and Path Quality and SaaS Quality profiles?</P> Wed, 02 Nov 2022 21:33:22 GMT Reece.Boucher 2022-11-02T21:33:22Z https://live.paloaltonetworks.com/t5/next-generation-firewall/traffic-distribution-methodology/m-p/520079#M533 <P>We have 35 PA firewalls all using SD-WAN and have (typically) the following configuration for WAN connections...</P> <P>&nbsp;</P> <P>100M TC4 Internet</P> <P>20M TC2 Internet (best quality)</P> <P>5G Cellular Internet (always on)</P> <P>&nbsp;</P> <P>We have the following traffic distribution profiles...</P> <P>&nbsp;</P> <P>Critical Traffic - TC2, TC4, Cellular (top down priority)</P> <P>Standard Traffic - TC4, TC2, Cellular (top down priority)</P> <P>&nbsp;</P> <P>Critical traffic is used for voice and internal web traffic, as well as AD services (dns, kerberos, ldap).&nbsp; Standard traffic is used for anything else.</P> <P>&nbsp;</P> <P>We have seen large amounts of traffic (approx. 400G/month) across the Cellular services.&nbsp; I have done further inspection and not seen any failure of TC4 or TC2 services that correspond with dates when there are large amounts of traffic shown on the Cellular equipment.&nbsp; Whilst the cellular service is an 'always on' (not dial on demand) the equipment provider (Cradlepoint) indicated keepalive/management traffic should be well les than 1G per day.<BR /><BR /><BR /></P> <P>As noted, the priority is a 'top down' configuration.&nbsp; The best path for traffic is not necessarily the highest bandwidth.</P> <P>&nbsp;</P> <P>Q:&nbsp; What constitutes going to the next path in the selection order?</P> <P>Q:&nbsp; Is top down the best approach?</P> <P>Q:&nbsp; If not, what would the best approach be to ensure only fixed line services are used unless there is a total failure of both fixed line services?</P> <P>Q:&nbsp; Should the above be used in conjunction with either/or/and Path Quality and SaaS Quality profiles?</P> Wed, 02 Nov 2022 21:33:22 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/traffic-distribution-methodology/m-p/520079#M533 Reece.Boucher 2022-11-02T21:33:22Z