Objects > SD-WAN Link Management > Traffic Distribution
Table of Contents
Expand all | Collapse all
-
- Objects > Addresses
- Objects > Address Groups
- Objects > Regions
- Objects > Dynamic User Groups
- Objects > Application Groups
- Objects > Application Filters
- Objects > Services
- Objects > Service Groups
- Objects > External Dynamic Lists
- Objects > Custom Objects > Spyware/Vulnerability
- Objects > Custom Objects > URL Category
- Objects > Security Profiles > Antivirus
- Objects > Security Profiles > Anti-Spyware Profile
- Objects > Security Profiles > Vulnerability Protection
- Objects > Security Profiles > File Blocking
- Objects > Security Profiles > WildFire Analysis
- Objects > Security Profiles > Data Filtering
- Objects > Security Profiles > DoS Protection
- Objects > Security Profiles > GTP Protection
- Objects > Security Profiles > SCTP Protection
- Objects > Security Profile Groups
- Objects > Log Forwarding
- Objects > Authentication
- Objects > Decryption > Forwarding Profile
- Objects > Schedules
-
-
- Firewall Interfaces Overview
- Common Building Blocks for Firewall Interfaces
- Common Building Blocks for PA-7000 Series Firewall Interfaces
- Tap Interface
- HA Interface
- Virtual Wire Interface
- Virtual Wire Subinterface
- PA-7000 Series Layer 2 Interface
- PA-7000 Series Layer 2 Subinterface
- PA-7000 Series Layer 3 Interface
- Layer 3 Interface
- Layer 3 Subinterface
- Log Card Interface
- Log Card Subinterface
- Decrypt Mirror Interface
- Aggregate Ethernet (AE) Interface Group
- Aggregate Ethernet (AE) Interface
- Network > Interfaces > VLAN
- Network > Interfaces > Loopback
- Network > Interfaces > Tunnel
- Network > Interfaces > SD-WAN
- Network > VLANs
- Network > Virtual Wires
-
- Network > Network Profiles > GlobalProtect IPSec Crypto
- Network > Network Profiles > IPSec Crypto
- Network > Network Profiles > IKE Crypto
- Network > Network Profiles > Monitor
- Network > Network Profiles > Interface Mgmt
- Network > Network Profiles > QoS
- Network > Network Profiles > LLDP Profile
- Network > Network Profiles > SD-WAN Interface Profile
-
-
- Device > Setup
- Device > Setup > Management
- Device > Setup > Interfaces
- Device > Setup > Telemetry
- Device > Setup > Content-ID
- Device > Setup > WildFire
- Device > Log Forwarding Card
- Device > Config Audit
- Device > Administrators
- Device > Admin Roles
- Device > Access Domain
- Device > Authentication Sequence
-
- Security Policy Match
- QoS Policy Match
- Authentication Policy Match
- Decryption/SSL Policy Match
- NAT Policy Match
- Policy Based Forwarding Policy Match
- DoS Policy Match
- Routing
- Test Wildfire
- Threat Vault
- Ping
- Trace Route
- Log Collector Connectivity
- External Dynamic List
- Update Server
- Test Cloud Logging Service Status
- Test Cloud GP Service Status
- Device > Virtual Systems
- Device > Shared Gateways
- Device > Certificate Management
- Device > Certificate Management > Certificate Profile
- Device > Certificate Management > OCSP Responder
- Device > Certificate Management > SSL/TLS Service Profile
- Device > Certificate Management > SCEP
- Device > Certificate Management > SSL Decryption Exclusion
- Device > Response Pages
- Device > Server Profiles
- Device > Server Profiles > SNMP Trap
- Device > Server Profiles > Syslog
- Device > Server Profiles > Email
- Device > Server Profiles > HTTP
- Device > Server Profiles > NetFlow
- Device > Server Profiles > RADIUS
- Device > Server Profiles > TACACS+
- Device > Server Profiles > LDAP
- Device > Server Profiles > Kerberos
- Device > Server Profiles > SAML Identity Provider
- Device > Server Profiles > DNS
- Device > Server Profiles > Multi Factor Authentication
- Device > Local User Database > Users
- Device > Local User Database > User Groups
- Device > Scheduled Log Export
- Device > Software
- Device > Dynamic Updates
- Device > Licenses
- Device > Support
-
- Network > GlobalProtect > MDM
- Network > GlobalProtect > Device Block List
- Network > GlobalProtect > Clientless Apps
- Network > GlobalProtect > Clientless App Groups
- Objects > GlobalProtect > HIP Profiles
-
- Use the Panorama Web Interface
- Context Switch
- Panorama Commit Operations
- Defining Policies on Panorama
- Log Storage Partitions for a Panorama Virtual Appliance in Legacy Mode
- Panorama > Setup > Interfaces
- Panorama > High Availability
- Panorama > Administrators
- Panorama > Admin Roles
- Panorama > Access Domains
- Panorama > Device Groups
- Panorama > Plugins
- Panorama > Log Ingestion Profile
- Panorama > Log Settings
- Panorama > Scheduled Config Export
End-of-Life (EoL)
Objects > SD-WAN Link Management > Traffic Distribution
Create an SD-WAN traffic distribution profile to define
how the firewall distributes sessions and fails over to a better
path.
For this Traffic Distribution profile,
select the method the firewall uses to distribute sessions and to
fail over to a better path when path quality deteriorates. Add the
Link Tags that the firewall considers when determining the link
over which it forwards SD-WAN traffic. You apply a Traffic Distribution
profile to each SD-WAN policy rule you create.
Traffic Distribution Profile | |
|---|---|
Name | Enter a Name for
the Traffic Distribution Profile using a combination and maximum
of 31 alphanumeric characters, hyphens, spaces, underscores, and
periods. |
Best Available Path | If cost is not a factor and you will allow
applications to use any path out of the branch, select Best
Available Path. The firewall distributes traffic and
fails over to a link from among the links belonging to all the link
tags in the list based on path quality metrics to provide the best
application experience to users. |
Top Down Priority | If you have expensive or low capacity links
that you want to use only as a last resort or as backup links, select
the Top Down Priority method and place the
tags that include those links last in the list of Link
Tags for this profile. The firewall first uses the top
link tag in the list to determine which links over which it will session
load traffic and to which it will fail over. If none of the links
in the top link tag are qualified, the firewall selects a link from
the second link tag in the list. If none of the links in the second
link tag are qualified, the process continues as necessary until
the firewall finds a qualified link. If all associated links are
overloaded and no link meets quality thresholds, the firewall uses
the Best Available Path method to select a link over which to forward
traffic. If the jitter, latency, or packet loss for an application
exceeds the configured threshold, the firewall starts at the top
of the Top Down list of link tags to find a link to which it fails
over. |
Weighted Session Distribution | Select Weighted Session Distribution if
you want to manually load traffic (that matches the rule) onto your
ISP and WAN links and you don’t require failover during brownout
conditions. You manually specify the load for the link when you
apply a static percentage of new sessions that interfaces grouped
with a single tag will get. For example, select this method for
applications that aren’t sensitive to latency and that require a lot
of the bandwidth capacity of the link, such as large branch backups
and large file transfers. However, if the link experiences brownout,
the firewall doesn’t redirect the matching traffic to a different
link. |
Link Tags | Add the Link Tags you
want the firewall to consider during the link selection process
you chose for this profile. The order of tags matters if you chose
the Top Down Priority method; you can Move
Up or Move Down tags to change
the order. |
Weight | If you chose the Weighted Session Distribution
method, enter a percentage for each link tag you added. The sum
of the percentage values must equal 100%. |