SD-WAN Application/Service Tab
Table of Contents
Expand all | Collapse all
-
- Objects > Addresses
- Objects > Address Groups
- Objects > Regions
- Objects > Dynamic User Groups
- Objects > Application Groups
- Objects > Application Filters
- Objects > Services
- Objects > Service Groups
- Objects > Devices
- Objects > External Dynamic Lists
- Objects > Custom Objects > Spyware/Vulnerability
- Objects > Custom Objects > URL Category
- Objects > Security Profiles > Antivirus
- Objects > Security Profiles > Anti-Spyware Profile
- Objects > Security Profiles > Vulnerability Protection
- Objects > Security Profiles > File Blocking
- Objects > Security Profiles > WildFire Analysis
- Objects > Security Profiles > Data Filtering
- Objects > Security Profiles > DoS Protection
- Objects > Security Profiles > Mobile Network Protection
- Objects > Security Profiles > SCTP Protection
- Objects > Security Profile Groups
- Objects > Log Forwarding
- Objects > Authentication
- Objects > Decryption > Forwarding Profile
- Objects > Schedules
-
-
- Firewall Interfaces Overview
- Common Building Blocks for Firewall Interfaces
- Common Building Blocks for PA-7000 Series Firewall Interfaces
- Tap Interface
- HA Interface
- Virtual Wire Interface
- Virtual Wire Subinterface
- PA-7000 Series Layer 2 Interface
- PA-7000 Series Layer 2 Subinterface
- PA-7000 Series Layer 3 Interface
- Layer 3 Interface
- Layer 3 Subinterface
- Log Card Interface
- Log Card Subinterface
- Decrypt Mirror Interface
- Aggregate Ethernet (AE) Interface Group
- Aggregate Ethernet (AE) Interface
- Network > Interfaces > VLAN
- Network > Interfaces > Loopback
- Network > Interfaces > Tunnel
- Network > Interfaces > SD-WAN
- Network > VLANs
- Network > Virtual Wires
-
- Network > Network Profiles > GlobalProtect IPSec Crypto
- Network > Network Profiles > IPSec Crypto
- Network > Network Profiles > IKE Crypto
- Network > Network Profiles > Monitor
- Network > Network Profiles > Interface Mgmt
- Network > Network Profiles > QoS
- Network > Network Profiles > LLDP Profile
- Network > Network Profiles > SD-WAN Interface Profile
-
-
- Device > Setup
- Device > Setup > Management
- Device > Setup > Interfaces
- Device > Setup > Telemetry
- Device > Setup > Content-ID
- Device > Setup > WildFire
- Device > Setup > DLP
- Device > Log Forwarding Card
- Device > Config Audit
- Device > Administrators
- Device > Admin Roles
- Device > Access Domain
- Device > Authentication Sequence
- Device > Device Quarantine
-
- Security Policy Match
- QoS Policy Match
- Authentication Policy Match
- Decryption/SSL Policy Match
- NAT Policy Match
- Policy Based Forwarding Policy Match
- DoS Policy Match
- Routing
- Test Wildfire
- Threat Vault
- Ping
- Trace Route
- Log Collector Connectivity
- External Dynamic List
- Update Server
- Test Cloud Logging Service Status
- Test Cloud GP Service Status
- Device > Virtual Systems
- Device > Shared Gateways
- Device > Certificate Management
- Device > Certificate Management > Certificate Profile
- Device > Certificate Management > OCSP Responder
- Device > Certificate Management > SSL/TLS Service Profile
- Device > Certificate Management > SCEP
- Device > Certificate Management > SSL Decryption Exclusion
- Device > Certificate Management > SSH Service Profile
- Device > Response Pages
- Device > Server Profiles
- Device > Server Profiles > SNMP Trap
- Device > Server Profiles > Syslog
- Device > Server Profiles > Email
- Device > Server Profiles > HTTP
- Device > Server Profiles > NetFlow
- Device > Server Profiles > RADIUS
- Device > Server Profiles > TACACS+
- Device > Server Profiles > LDAP
- Device > Server Profiles > Kerberos
- Device > Server Profiles > SAML Identity Provider
- Device > Server Profiles > DNS
- Device > Server Profiles > Multi Factor Authentication
- Device > Local User Database > Users
- Device > Local User Database > User Groups
- Device > Scheduled Log Export
- Device > Software
- Device > Dynamic Updates
- Device > Licenses
- Device > Support
- Device > Policy Recommendation
-
- Network > GlobalProtect > MDM
- Network > GlobalProtect > Clientless Apps
- Network > GlobalProtect > Clientless App Groups
- Objects > GlobalProtect > HIP Profiles
-
- Use the Panorama Web Interface
- Context Switch
- Panorama Commit Operations
- Defining Policies on Panorama
- Log Storage Partitions for a Panorama Virtual Appliance in Legacy Mode
- Panorama > Setup > Interfaces
- Panorama > High Availability
- Panorama > Administrators
- Panorama > Admin Roles
- Panorama > Access Domains
- Panorama > Device Groups
- Panorama > Plugins
- Panorama > Log Ingestion Profile
- Panorama > Log Settings
- Panorama > Server Profiles > SCP
- Panorama > Scheduled Config Export
End-of-Life (EoL)
SD-WAN Application/Service Tab
Application/Service tab in the SD-WAN policy rule configuration
window.
- PoliciesSD-WANApplication/Service
Select the Application/Service tab
to specify the applications or services to which the SD-WAN policy rule
applies and to specify profiles (Path Quality, SaaS Quality, and
Error Correction profiles) that apply to the applications or services.
Field | Description |
|---|---|
Path Quality Profile | Select a path quality profile that determines
the maximum jitter, latency and packet loss percentage thresholds
you want to apply to the specified applications and services. If
a path quality profile has not yet been created, you can create
a New SD-WAN Path Quality Profile. |
SaaS Quality Profile | Select a SaaS quality profile to specify
the path quality thresholds for latency, jitter, and packet loss
for a hub or branch firewall that has Direct Internet Access (DIA)
link to a Software-as-a-Service (SaaS) application. If a SaaS quality
profile has not yet been created, you can create a New
SaaS Quality Profile. Default is None (disabled). |
Error Correction Profile | Select an Error Correction Profile or
create a new Error Correction
Profile, which specifies the parameters to control forward
error correction (FEC) or path duplication for the applications
or services specified in the rule. This profile can be used by either
hub or branch firewall. Default is None (disabled). |
Applications | Add specific applications
for the SD-WAN policy rule, or select Any.
If an application has multiple functions, select the overall application
or individual functions. If you select the overall application,
all functions are included and the application definition is automatically
updated as future functions are added. If you are using application
groups, filters, or containers in the SD-WAN policy rule, view details
of these objects by hovering over the object in the Application
column, opening the drop-down, and selecting Value.
This allows you to view application members directly from the policy
without having to navigate to the Object tab. Add only business-critical applications
that are affected by latency, jitter, or packet loss. Avoid adding
application categories or sub-categories as these are too broad
and do not allow for per-application control. |
Service | Add specific services
for the SD-WAN policy rule and select on which ports packets from
these services are allowed or denied:
When you use this option, only the
default port matches the SD-WAN policy and action is enforced. Other
services not on the default port may be allowed depending on the
Security policy rule, but do not match the SD-WAN policy, and no
SD-WAN policy rule action is taken. For
most services, use application-default to prevent
the service from using non-standard ports or exhibiting other evasive
behaviors. If the default port for the service changes, the firewall
automatically updates the rule to the correct default port. For
services that use non-standard ports, such as internal custom services,
either modify the service or create a rule that specifies the non-standard
ports and apply the rule only to the traffic that requires the service.
|