12-06-2024 04:23 AM
Hi Guys,
our Palo Alto on the HUB side is equipped with a single 10G uplink interface. On the Spoke side, there are three uplinks with varying bandwidths, and in this setup, the Panorama SD-WAN plugin generates three IPsec tunnels. I can manage traffic from the Spoke to the HUB using SD-WAN Rules and Traffic Distribution Profiles.
However, is it possible to control traffic from the HUB to the Spoke? Currently, traffic is evenly distributed across all three links. This causes issues, as a link with very low bandwidth is also used, leading to congestion and degraded performance.
Best regards
Dirk
12-10-2024 12:30 PM
Good Day
I am not sure which version of the SDWAN solution (PanOS vs Prisma SDWAN) you are using, so I am presuming PANOS SDWAN, else you would have mentioned IONs and SCM configurations.
I did not hear mention of the required Panorama and SDWAN licensing in your query. I presume the SDWAN licensing has been utilized.
Can you just confirm that Panorama is also part of the solution, so push down the configurations from the Panorama to the FWs (both HuB and Branch sites)
If you have 3 uplinks of various speeds, the SDWAN configurations (presuming you are using Panorama with current SDWAN plugin) and FWs with the correct SDWAN licensing, should utilize the expected feature that the best link should be used in communicating from Branch to Hub. How much Hub-sourced to Branch-destined traffic is occurring.
You may want to speak with your local PANW Domain Consultant (formerly SEs) to further assistance.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
