Palo alto sdwan dia Saas profile issue

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Palo alto sdwan dia Saas profile issue

L0 Member

Recently we have enabled SDWAN DIA setup in the firewall without the Panorama, all the routing and link switchover works fine as expected.

However we ran into the issue now, we have saas profile probing cisco.com using https when the cisco.com was not reachable via both the ISP the saas profile active monitor went down, since the site was temporarily down for sometime, the internet traffic was not working using the default catch-all policy 

example policies:

rule number - 1

source address - project vlan

source zone - trust

destination address - any

destination zone - untrust

application - any

path quality profile - general-web

saas quality - cisco.com(https)

traffic distribution - best path (two ISPs)  

Rule 2:

source address - any

source zone - trust

destination address - any

destination zone - untrust

application - any

path quality profile - general-web

saas quality - NA

traffic distribution - best path (two ISPs)  

 

is there a way to bypass the sdwan policy to which the saas monitoring went down and choose the available policy for internet access

 

Note: No issues at ISPs

 

0 REPLIES 0
  • 141 Views
  • 0 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!