- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
12-16-2024 06:03 AM - edited 12-16-2024 06:06 AM
Recently we have enabled SDWAN DIA setup in the firewall without the Panorama, all the routing and link switchover works fine as expected.
However we ran into the issue now, we have saas profile probing cisco.com using https when the cisco.com was not reachable via both the ISP the saas profile active monitor went down, since the site was temporarily down for sometime, the internet traffic was not working using the default catch-all policy
example policies:
rule number - 1
source address - project vlan
source zone - trust
destination address - any
destination zone - untrust
application - any
path quality profile - general-web
saas quality - cisco.com(https)
traffic distribution - best path (two ISPs)
Rule 2:
source address - any
source zone - trust
destination address - any
destination zone - untrust
application - any
path quality profile - general-web
saas quality - NA
traffic distribution - best path (two ISPs)
is there a way to bypass the sdwan policy to which the saas monitoring went down and choose the available policy for internet access
Note: No issues at ISPs
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!