Configuring WAN Rules for SD-WAN Router in Command Center

Overview

You can use Command Center to centrally manage WAN Rules across your SD-WAN Router deployments. All WAN Rules you configure in your SD-WAN Network synchronize to all SD-WAN Router appliances in your network.

cc-wanrules.png

WAN Policies

WAN Policies in SD-WAN Router define the outgoing Internet link for network traffic that meets the criteria you define in WAN Rules.

Command Center includes several pre-defined WAN Policies based on nonspecific criteria that can apply generally to multiple SD-WAN Router appliances. These include:

Non LTE WANs - This set of WAN Policies refers to all WAN interfaces except the LTE interface in case the policy is synchronized to an e6wl appliance. The Non LTE WAN policies are designed to identify the optimal WAN link based on Jitter, Latency, or Available Bandwidth. 

Specific WANs - This set of WAN Policies refers to specific WAN interfaces. These are useful when defining failover scenarios such as an LTE WAN, or in circumstances where a specific WAN link is preferred regardless of performance metrics.

After synchronizing to SD-WAN Router appliances, the policies managed by Command Center appear alongside locally configured WAN Policies. 

Note: Centrally managed WAN Policies are editable through the SD-WAN Router administration, however changes are overwritten during the next synchronization. 

Configuring WAN Rules

WAN Rules define the conditions for policy-based routes. For example, you can send traffic to an Internet backup server through a secondary WAN link to preserve bandwidth for real-time communication on the primary WAN link. Each rule must define at least one criteria and a corresponding WAN Policy.

cc-wan-rule-edit.png

To create a WAN Rule:

  1. Go to SD-WAN and select a network
  2. Locate the WAN Rules widget and click Add
  3. Assign a name to the rule
  4. Select a criteria (refer to the table below for a description of each criteria)
  5. Once you define at least one criteria, click Add
  6. Choose a WAN Policy to specify how to route traffic that meets your criteria
  7. Click Save

Note: Items you add to the WAN Rule criteria are combined with a logical operator "and". This means that all of the criteria in the rule must evaluate true.

Rule criteria

Criteria Description
Application name The name of an application. This input supports a dropdown selector and autocompletion to help you choose an application.
Application category The type of application based on an associated category. For example, the File Transfer category includes applications such as Dropbox and Microsoft OneDrive.
Application risk level The risk level associated to an application based on a range from 1 to 5, where 5 represents the highest risk. For example, Bittorrent has a risk level of 5.
Application productivity level The productivity level associated to an application based on a range of 1 to 5, where 5 represents the highest level of productivity. For example, Microsoft Sharepoint has a productivity level of 5.
Internet address The IPv4 address of a host on the Internet. This criteria maps to the Server address field in the SD-WAN Router administration.
Protocol A TCP or UDP port. The Protocol selector provides a short list of common protocols. Choose Other to specify a different port.
DNS hint The DNS name of an Internet host based on a forward lookup performed by the client application.
SSL certificate name The hostname of a web server based on the common name that is obtained using Server Name Indication (SNI).

 

Synchronizing WAN Rules

WAN Rules do not synchronize automatically to your appliances. To push a set of WAN Rules, click "Sync rules to appliances". After initiating a sync request, Command Center enqueues the action and attempts to push the ruleset within a few minutes to all online appliances in the corresponding network.

Note: If the appliance is offline, the task remains pending for up to 7 days. You can initiate a new sync request if the previous request expires and one or more appliances was not able to receive the most current ruleset.

Verifying WAN Rules Synchronization

After a ruleset synchronizes to an appliance, you can view the rules in the SD-WAN Router web administration. WAN Rules pushed from Command Center are read only and are prioritized before rules created through the SD-WAN Router web administration.

You can review the Audit History for events related to WAN Rules synchronization. 

cc-wanrules-audit.png

Follow
Was this article helpful?
2 out of 2 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk