Configure System Application Overrides
Table of Contents
Configure System Application Overrides
Lets see how to configure system application overrides in Prisma SD-WAN.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
System applications are applications that
are defined, managed, and maintained by Prisma SD-WAN. These applications
are pre-loaded and continuously updated in your system. Prisma SD-WAN
allows users to customize system applications by configuring overrides.
The values defined will override the default values defined in the
system. System Application attributes that you may customize include
application category, ingress traffic, connection idle timeout,
transfer type, and path affinity. To configure system application
overrides:
- Select .Select a system application and from the ellipsis menu, select Add Override.(Optional) From the Category drop-down, select a category to override the existing category for a given application.(Optional) From the Path Affinity drop-down, select Strict or None.Strict—If a path selected for a client session is available within policy, subsequent application sessions from the same client for this application will adhere to the originally-selected path.None—It is the opposite of strict. Each subsequent client session will be free to take any path allowed by policy as long as that path is available within the service level agreement (SLA).(Optional) From the Transfer Type drop-down, select transfer type as Transactional, Bulk, Real-Time Audio, or Real-Time Video.Select Use Parent App Network Policy, where child applications use the network policies of their parent applications.This functionality is disabled by default and is currently available only for Google applications.(Optional) Enter a percentage value for Ingress Traffic Capacity.This value indicates application traffic characteristics with respect to ingress. If an application takes longer to download, configure a higher value for ingress traffic percentage.(Optional) Enter a value in seconds for Connection Idle Timeout.The new value will be applicable for new flows, while existing flows will continue to use the old timeout value. If the ION device does not see a flow termination sequence for a given flow and there is no activity on the flow, then the ION device will delete its internal flow state after the configured idle timeout.Select Unreachability Detection to monitor applications for reachability.Application reachability is used to determine if a given application is reachable on a given path. This information is useful when making path selection decisions. If an application is unreachable on a given path, then that path is not used. If all paths are marked unreachable, then one of the active paths, as defined in application path policy is selected.The ION device continuously monitors communication between clients (on the LAN side) and servers (on the WAN side). If the ION device determines that a server is not responding to a client's messages on a given path, it triggers the application reachability feature. The ION device actively probes the server on that path to ensure that the server is reachable and responding.The ION device monitors communication only for the TCP flows initiated from the LAN side of the ION device. All TCP applications have the unreachability detection feature enabled by default. When adding a system application override, this feature can be disabled optionally. If no value is selected for this field, then the unreachability detection feature remains enabled for this application.Save & Exit.
