Create the SD-WAN folders for hub and branch firewalls.
Separate folders for your hub and branch firewalls are required to containing
all SD-WAN configuration objects specific to hub and branch firewall
deployments.
Select WorkflowsNGFW SetupFolder Management and Add Folder.
Add new folders for your hub and branch SD-WAN firewalls.
In Folder Management, locate your hub and branch firewalls and expand
the Actions menu to Move your firewalls.
For the Destination, select the hub or branch
folder you created and Move.
SD-WAN policy rules use predefined zone for internal path selection and
traffic forwarding purposes. Create the following predefined SD-WAN zones.
Repeat this step to create all four required predefined SD-WAN zones.
zone-to-branch
zone-to-hub
zone-internal
zone-internet
Create link tags.
Create a link tag to identify one or more physical links that you want
applications and services to use in a specific ordering during SD-WAN
traffic distribution and failover protection. Grouping multiple physical
links allows you to maximize the application service quality if the physical
link health deteriorates.
Select ManageConfigurationNGFW and Prisma AccessSecurity ServicesSD-WAN PolicyLink Tags and create your link tags at the All
Firewalls Context Scope.
Palo Alto Networks recommends creating all link tags at the
All Firewalls folder level to
ensure link tags are available to all SD-WAN firewalls
regardless of the folder they’re associated with.
Add Tag.
Enter a Name and select a
Color to identify the link tag.