Strata Cloud Manager

Strata Cloud Manager

1. Log in to Strata Cloud Manager.
2. Select ManageConfigurationNGFW and Prisma Access and in the Overview, select the branch folder for which you want to create your SD-WAN Link Management profiles.

   To make the Error Correction profile available to all SD-WAN firewalls regardless of folder association, select All Firewalls.
3. Create a Traffic Distribution profile.

   The Traffic Distribution profile specifies how the firewall selects paths for session load distribution and for path failover when the firewall detects a brownout, blackout, or path deterioration for an application. Before you can configure a Traffic Distribution profile, you must create all your link tags so the firewall can know which paths to fail over to.

   1. Select Security ServicesSD-WAN PolicyProfilesTraffic Distribution.
   2. Add Profile.
   3. Enter a descriptive Name.
   4. Select the Traffic Distribution method the firewall uses to determine which path to fail over to.

      Only a single Traffic Distribution method is supported for a Traffic Distribution profile.

      • Best Available Path—Select this method if cost isn’t a factor and you allow applications to use any path out of the branch. The firewall uses the predefined Path Quality metrics to distribute traffic and to fail over to one of the links belonging to a Link Tag in the list, thus providing the best application experience to users.
      • Top Down Priority—Select this method if you have expensive or low-capacity links that you want used only as a last resort or as a backup link. When using this method, order your Link Tags so that the paths you want used as a last resort are at the bottom of the Link Tag list. The firewall uses the top Link Tag in the list first to determine the links on which to session load traffic and on which to fail over. If none of the links in the top Link Tag are qualified based on the predefined Path Quality profile, the firewall selects a link from the second Link Tag in the list. If none of the links in the second Link Tag are qualified, the process continues as necessary until the firewall finds a qualified link in the last Link Tag. If all associated links are overloaded and no link meets quality thresholds, the firewall uses the Best Available Path method to select a link on which to forward traffic. At the start of a failover event, the firewall starts at the top of the Top-Down Priority list of Link Tags to find a link to which it fails over.
      • Weighted Session Distribution—Select this method if you want to manually load traffic (that matches the rule) onto your ISP and WAN links and you don’t require failover during brownout conditions. You manually specify the link load when you apply a static percentage of new sessions that the interfaces grouped with a single Link Tag will get. The firewall distributes new sessions using round-robin among the links having the specified Link Tags, until the link assigned the lowest percentage reaches that percentage of sessions. The firewall then uses one or more remaining links in the same manner. You might select this method for applications that aren’t sensitive to latency and that require much of the link’s bandwidth capacity, such as large branch backups and large file transfers.
   5. Add Link Tags .

      When adding and ordering your Link Tags, be sure consider the Traffic Distribution method you selected to ensure the firewall selects the appropriate path.
   6. Save.