Set Up SD-WAN

1. Log in to Strata Cloud Manager.
2. Onboard your SD-WAN firewalls to .
   All newly added firewalls are added the All Firewalls folder by default.
3. Activate the SD-WAN license on your firewall.
4. Create the SD-WAN folders for hub and branch firewalls.
   Separate folders for your hub and branch firewalls are required to containing all SD-WAN configuration objects specific to hub and branch firewall deployments.
   1. Select WorkflowsNGFW SetupFolder Management and Add Folder.
      Add new folders for your hub and branch SD-WAN firewalls.
   2. In Folder Management, locate your hub and branch firewalls and expand the Actions menu to Move your firewalls.
      For the Destination, select the hub or branch folder you created and Move.
5. Create the four predefined SD-WAN zones.
   SD-WAN policy rules use predefined zone for internal path selection and traffic forwarding purposes. Create the following predefined SD-WAN zones. Repeat this step to create all four required predefined SD-WAN zones.

   • zone-to-branch
   • zone-to-hub
   • zone-internal
   • zone-internet
6. Create link tags.
   Create a link tag to identify one or more physical links that you want applications and services to use in a specific ordering during SD-WAN traffic distribution and failover protection. Grouping multiple physical links allows you to maximize the application service quality if the physical link health deteriorates.
   1. Select ManageConfigurationNGFW and Prisma AccessSecurity ServicesSD-WAN PolicyLink Tags and create your link tags at the All Firewalls Context Scope.
      Palo Alto Networks recommends creating all link tags at the All Firewalls folder level to ensure link tags are available to all SD-WAN firewalls regardless of the folder they’re associated with.
   2. Add Tag.
   3. Enter a Name and select a Color to identify the link tag.
   4. Save.
7. Configure SD-WAN.