Prisma SD-WAN Articles
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
This guide captures Prisma SD-WAN Best Practices in a form of product settings, configurations, procedures that have been shown by experience to produce optimal results and that can be established or proposed suitable for widespread adoption.
View full article
Introduction Building upon the strong application identification and performance characterization capabilities of Prisma SD-WAN, App SLA Assurance enables a flexible framework for the both Application and Network SLAs.  By first understanding the application using Palo Alto Networks App-ID technology, Prisma SD-WAN is able to identify thousands of applications out of the box in addition to custom L3/L4 and L7 application definitions.  By combining the application and network performance characterization with the control of the Prisma SD-WAN policy model, network operators are able to deliver an exceptional end-user experience while simplifying day 2 operations.     Real-User Performance Characterization After an application is identified the performance of each real user session is characterized including: Initialization Success / Failure Rate - TCP 3-way handshake Transaction Success / Failure Rate - TCP Retransmission Application Round Trip Time Application Server Response Time Application Transaction Time Voice MOS Voice / Video Packet Loss Voice / Video Jitter   Link Quality Metrics Additionally there are two "Always On" technologies used to determine point to point transport (IE Link Quality) performance as well as service performance.  For Link Quality the following metrics are measured: Round Trip Latency Packet Loss (Bi-directional) Jitter (Bi-directional) Link MOS (Bi-directional) Bandwidth Consumption (Bi-directional) Service Probing The second "Always On" performance characterization method uses defined (default and custom) service probing for multiple protocols including ICMP, DNS, HTTP, HTTPS and measures: HTTP/S Response Time HTTP/S Response Code HTTP/S Response String HTTP/S Response Success / Failure DNS Response Success / Failure DNS Transaction Time ICMP Packet Loss ICMP Round Trip Latency ICMP Round Trip Jitter The default probes measure: ICMP response to Google G-suite : apps.google.com ICMP response to CloudFlare DNS : 1.1.1.1 ICMP response to Microsoft Teams : teams.microsoft.com   These probes enable the system to determine the per path performance to a specific service endpoint which is then used to make the most informed path selection decision.  Up to 8 probes can be configured per Circuit and can be sent on any combination of Prisma SD-WAN overlay, Standard VPN overlay, and Underlay.    Path Selection The various real time metrics are each fed back into path selection and used to protect existing application sessions by moving active traffic around issues as well as placing new application sessions onto the best performing path.  The path selection intent is specified in path policy rules.     Quality-Based Control The definition of application and network SLAs is controlled via the Prisma SD-WAN Performance Policy.  In Performance Policy desired actions are first selected.  These include: Generate Incident - If the SLA parameters are violated an incident will be created. Move Flows - Move new and existing flows away from paths that do not meet the SLA. Forward Error Correction - If a SLA compliant path is not available then invoke adaptive FEC to correct packet loss.   Packet Duplication - Duplicate the packets of a flow on up to 3 paths.   Visibility - Link Quality SLAs configured will be reflected on the Link Quality time series charts.   Furthermore, detailed match criteria enable flexible tuning of the SLA parameters: Application IDs - One or more App-IDs Application Transfer Types Circuit Categories Path Types Service & DC Groups SLA Type - Application, Network, Probe   Summary Prisma SD-WAN Application SLA assurance provides out of the box protection and can be tuned to most nuanced needs of any enterprise, thus enabling the delivery of an exceptional end user application experience while simplifying day 2 operations.     For step by step guides on how to configure App SLA rules please review the Prisma SD-WAN Admin Guide: https://docs.paloaltonetworks.com/prisma/prisma-sd-wan/prisma-sd-wan-admin  
View full article
This video will walk you through some of the upcoming changes to the Prisma SD-WAN user interface as it becomes a part of the Strata Cloud Manager:   For an introductory guide to Prisma SD-WAN in the Strata Cloud Manager please visit here.   For a detailed guide for all products in the Strata Cloud Manager please visit here.   For all of the Prisma SD-WAN content please visit here.   For the Pre-Migration Prisma SD-WAN admin guide please visit here.   For an overview of the tenant requirements please visit here (customer login required).
View full article
Learn about latest Prisma SDWAN UI Enhancements
View full article
Prisma SD-WAN Instant-On Network (ION) models enable integration of a diverse set of WAN connection types,  
View full article
The attached document describes how to send encrypted traffic from a Prisma SD-WAN branch to an Azure VNET across a site to site VPN.
View full article
  • 12 Posts
  • 223 Subscriptions
Customer Advisories

Your security posture is important to us. If you’re a Palo Alto Networks customer, be sure to login to see the latest critical announcements and updates in our Customer Advisories area.

Learn how to subscribe to and receive email notifications here.

Listen to PANCast

PANCast is a Palo Alto Networks podcast that provides actionable insights to customers, helping you maximize your investment while improving your cybersecurity posture.

Top Contributors