SONICWALL SonicOS 7.1 SD-WAN Network Monitor Probes User Guide

June 15, 2024
SonicOS 7.1 SD-WAN Administration Guide

About SonicOS

This guide is a part of the SonicOS collection of administrative guides that describes how to administer and monitor the SonicWall family of firewalls. SonicOS provides network administrators the management interface, API (Application Program Interface), and the Command Line Interface (CLI) for firewall configuration by setting objects to secure and protect the network services, to manage traffic, and to provide the desired level of network service. This guide focuses on how to configure SD-WAN Groups, SLA Probes, SLA Class Objects, Path Selection Profiles, and Rules on the SonicWall security appliances.

Working with SonicOS

SonicOS provides a web management interface for configuring, managing, and monitoring the features, policies, security services, connected devices, and threats to your network. SonicOS runs on top of SonicCore, SonicWall’s secure underlying operating system.
The SonicOS management interface facilitates:

  • Setting up and configuring your firewall
  • Configuring external devices like access points or switches
  • Configuring networks and external system options that connect to your firewall
  • Defining objects and policies for protection
  • Monitoring the health and status of the security appliance, network, users, and connections
  • Monitoring traffic, users, and threats
  •  Investigating events

SonicWall offers two different modes of operation in SonicOS; the modes differ mainly in the areas of policy, object configuration and diagnostics.

  • Policy Mode provides a unified policy configuration work flow. It combines Layer 3 to Layer 7 policy enforcement for security policies and optimizes the work flow for other policy types. This unified policy work flow gathers many security settings into one place, which were previously configured on different pages of the management interface.
  • Classic Mode is more consistent with earlier releases of SonicOS; you need to develop individual policies and actions for specific security services. The Classic Mode has a redesigned interface.

This table identifies which modes can be used on the different SonicWall firewalls:

Firewall Type| Classic Mode| Policy Mode| Comments
---|---|---|---
TZ Series| yes| no| The entry-level TZ Series, also known as desktop firewalls, deliver revamped features such as 5G readiness, better connectivity options, improved threat, SSL and decryption performance that address HTTPS bandwidth issues; built-in SD-WAN, and lawful TLS 1.3 decryption support.
NSa Series| yes| no| NSa firewalls provide your mid-sized network with enhanced security. They are designed specifically for businesses with 250 and up. They can provide cloud-based and on-box capabilities like TLS/SSL decryption and inspection, application intelligence and control, SD-WAN, real-time visualization, and WLAN management.
NSsp 10700, NSsp 11700, NSsp 13700| yes| no| The NSsp platforms are high-end firewalls that deliver the advanced threat protection and fast speeds that large enterprises, data centers, and service providers need.
NSsp 15700| no| yes| The NSsp 15700 is designed for large distributed enterprises, data centers, government agencies and service providers. It provides advanced threat protection like Real-Time Deep Memory Inspection, multi-instance firewall configuration, and unified policy creation and modification, with scalability and availability.
NSv Series| yes| yes| The NSv series firewalls offer all the security advantages of a physical firewall with the operational and economic benefits of virtualization. The NSv firewalls can operate in either Policy Mode or Classic Mode. You can switch between modes, but some configuration information from extra interfaces is removed.

In addition to the management interface, SonicOS also has a full-featured API and a CLI to manage the firewalls.
For more information, refer to:

  • SonicOS 7.1 API Reference Guide
  • SonicOS Command Line Interface Reference Guide

SonicOS Workflow
When working with SonicWall products, you can use the following workflow as a guide for setting up your security solution.


You begin your planning as you start making your purchasing decisions. Your sales partners can help you assess your network and make recommendations based on the kinds of security services you need. You can learn more about SonicWall products by reviewing product information and solutions. After selecting the solution, you can schedule your implementation.
After planning and scheduling your solution, you begin setting up the firewalls. The Getting Started Guides for your products can help you begin setting up the pieces to your solution. The getting started guides are designed to help you install the firewall to a minimal level of operation. Before performing any detailed configuration tasks described in the SonicOS Administration Guides, you should have your firewall set up and basic operation validated.
The configuration block of the workflow refers to the many tasks that combine to define how your firewall is integrated into your security solution and how it behaves when protecting your environment. Depending on the features of your security solution, this task can be quite complex. The System Administration Guides are broken into the key command sets and features. Some documents may be used for all solutions, but others may be used only if you integrated that feature into your solution. For example, High Availability or Wireless Access Points are not necessarily used by all customers. More information about a feature’s workflow is presented in the feature administration guide. Refer to the specific Administration Guide for a SonicOS feature for more information.
Configuration tends to be a one-time activity, although you might make minor adjustments after monitoring performance or after diagnosing an issue. The configuration activity can be broken down into the more detailed flow as the following figure shows. This also mirrors the key functions that are listed across the top of the management interface.


There is some flexibility in the order in which you do things, but this is the general workflow you would follow when configuring your firewall. Start by defining the settings on the firewall. Next you set up the system and other devices that your firewall is connected to, and you can choose to implement High Availability when done. After your device, network, and system are configured, you should define the objects that you want to monitor. Then you use those objects to define the policies that protect your network. The final step to preparing your setup is to validate the user authentication.

How to Use the SonicOS Administration Guides

The SonicOS Administration Guide is a collection of guides that detail the features represented by each of the main menu items in the management interface. Within each guide, you can find topics covering commands in that menu group, along with procedures and in-depth information. The exceptions are the SonicOS 7.1 Monitor Guide and the SonicOS 7.1 Objects Guide which combine the topics for each of those functions into a single book.
To help you understand how the books align with the features and commands, the following figure shows the books organized like the SonicWall management interface.


The SonicOS Administration Guides, along with related documentation, such as the getting started guides, are available at https://www.sonicwall.com/support/technical-documentation/.

Guide Conventions

These text conventions are used in this guide:
NOTE: A NOTE icon indicates supporting information.
IMPORTANT: An IMPORTANT icon indicates supporting information.
TIP: A TIP icon indicates helpful information.
CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.
WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.

Convention| Description
---|---
Bold text| Used in procedures to identify elements in the management interface like dialog boxes, windows, screen names, messages, and buttons. Also used for file names and text or values you are being instructed to select or type into the interface.
Function | Menu group > Menu item| Indicates a multiple step menu choice on the user interface. For example, NETWORK | System > Interfaces means to select the NETWORK functions at the top of the window, then click on System in the left navigation menu to open the menu group (if needed) and select Interfaces to display the page.
Code| Indicates sample computer programming code. If bold, it represents text to be typed in the command line interface.
| Represents a variable name. The variable name and angle brackets need to be replaced with an actual value. For example in the segment serialnumber=, replace the variable and brackets with the serial number from your device, such as serialnumber=2CB8ED000004.
Italics| Indicates the name of a technical manual. Also indicates emphasis on certain words in a sentence, such as the first instance of a significant term or concept.

About SD-WAN

SD-WAN (Software-Defined Wide Area Network) provides software-based control over wide area network (WAN) connections. SonicOS SD-WAN offers these features:

  • SD-WAN Interface Groups
  • WAN and VPN
  • Scalable from one to N interfaces
  • Dynamic path selection based on:
    • Pre-defined Lowest Latency, jitter, or packet loss
    • User-defined thresholds based on any combination of 1 or more of latency, jitter, or packet loss criteria
  • Application-aware routing
  • Path SLA (Service-Level Agreement) Probes for metrics
  • Connection-based traffic distribution
  • Automatic connection failover over VPN
  • Local or Centralized management via GMS or Network Security Manager.

SD-WAN is best used for specific traffic types and/or applications requiring dynamically chosen optimal destination interfaces depending on how the network paths are behaving. To operate well, each application has a certain requirement from the network path. For example, the network quality for VoIP to operate well requires the optimal latency be 100 ms or less while a latency of 150 ms or higher results in choppy calls. SD-WAN helps in such scenarios by first dynamically measuring the various network SLA metrics, such as latency, jitter and packet loss on multiple network paths. SD-WAN then compares these metrics with the SLA threshold for a particular traffic flow and determines the optimal network that meets the flow’s network quality accordingly.

Elements of SD-WAN

SD-WAN Groups
SD-WAN Groups are logical groups of interfaces that can be used for load-balancing as well as dynamic path selection based on the performance criterion through each interface path. You can create your own custom groups.
Constraints for SD-WAN Groups

  • Groups need to have at least one member interface
  • Groups cannot have a mix of WAN, Numbered Tunnel Interface and Unnumbered Tunnel Interface members
  • Groups cannot share member interfaces with other groups.

Constraints for Member Interfaces

  • Member interfaces can only be WAN, Numbered Tunnel Interface or Unnumbered Tunnel Interface
  • Member interfaces cannot be Wire mode or L2 bridge interfaces
  • Maximum member interfaces per group – 10.

For more information, see section SD-WAN Groups.

SLA Probes
SD-WAN SLA Probes are used to determine performance metrics such as latency, jitter, and packet loss for a network path. These are similar to Network Monitor Probes. SonicOS supports the ICMP and TCP probe types. An SD-WAN probe can be used by multiple Path Selection Profiles. For more information, see section SLA Probes.
SLA Class Objects
SD-WAN SLA Class Objects are used to configure the desired performance characteristics for the application/traffic categories. These objects are used in the Path Selection Profile to automate the selection of paths based on these metrics.

The default Performance Class Objects are:

  • Lowest Jitter
  •  Lowest Latency
  • Lowest Packet Loss

Custom Performance Class Objects can be configured with the thresholds that best meet the needs of your application/traffic categories. For more information, see section SLA Class Objects.

Path Selection Profiles
Path Selection Profiles (PSPs) are the settings that help to determine the network path that satisfies specific network performance criteria, from a pool of available network paths. The dynamic path selection mechanism is implemented using the PSP settings when associated with Policy Based Routes (PBR). When more than one network path meets the criterion (as per the performance class in the PSP), then traffic is load balanced among the network paths. When associated with a policy-based routing policy, a path selection profile helps select the optimal path among the SD-WAN interfaces for the application/service. For more information, see section Path Selection Profiles.
SD-WAN Rules
Dynamic Path selection for specific traffic flows uses Policy Based Routes. An SD-WAN Policy Based Route is used to configure the route policy for the specific source/destination service/App combination, with a corresponding Path Selection Profile that determines the outgoing path dynamically. If there is more than one path qualified by the Path Selection Profile, the traffic is automatically load balanced among the qualified paths. If none of the paths are qualified by the path selection profile and the backup interface in the profile is not configured or is down, the route is disabled. For more information, see section SD-WAN Rules.

SD-WAN Groups

About SD-WAN Groups
SD-WAN supports physical and Virtual WAN (VLAN) interface types as well as VPN Numbered and UnNumbered Tunnel Interface instances, all choices provided while creating an SD-WAN group.
SD-WAN Groups are logical groups of interfaces that can be used for load-balancing as well as dynamic path selection based on the SLA criterion through each interface path.
The SD-WAN Groups page displays the custom pool of interfaces used for optimized and resilient traffic flow.


Name| Name of the SD-WAN group.
Zone| The zone of the interface member:
• WAN
• VPN
IP Address| IP address of physical, virtual (VLAN) interfaces or Numbered Tunnel Interfaces. Un-Numbered will be 0.0.0.0.
Link Status| Indicates whether the link is:
• Link Up (green)
• Link Down (red)

Configuring SD-WAN Groups

Creating an SD-WAN Group
You can create multiple SD-WAN Groups to meet your requirements.
To add an SD-WAN group:

  1. Navigate to Network | SDWAN > Groups.

  2. Click the Add icon.
    The Add SD-WAN Group dialog displays.

  3. Enter a descriptive name in the Name field.

  4. Select one or more interfaces from the Not in Group list. Member interfaces available to select include physical WAN, virtual (VLAN) WAN, numbered tunnel (VPN) interfaces and VPN policies for unnumbered tunnel interfaces.
    IMPORTANT: An interface cannot be a member of more than one SD-WAN group.
    IMPORTANT: The maximum number of interfaces that can be added in an SD-WAN group is 10.

  5. Click the Right Arrow to move the selected interfaces to the In Group column.

  6.  To change the priority of the selected group members:
    a. Select the interface.
    b. Click the Up Arrow or Down Arrow.
    NOTE: If you are using a VPN tunnel interface for the SD-WAN configuration, the priority for the tunnel interface should be kept the same on both firewalls.

  7.  Repeat Step 6 for each interface to prioritize.

  8. Click Add.
    If the group is created, a confirmation message is displayed.

  9. Click Close.

Editing an SD-WAN Group
To edit an SD-WAN group:

  1. Navigate to Network | SDWAN > Groups.

  2. Hover over an SD-WAN group, click the Edit icon of the group to edit.
    The Edit this entry is displayed.

  3. Make required changes as described in Creating an SD-WAN Group.

  4. Click Save.

Deleting an SD-WAN Group
To delete an SD-WAN group:

  1. Navigate to Network | SDWAN > Groups.
  2. Hover over an SD-WAN group, click the Delete icon.
  3. Click Confirm.
    The message confirming the deletion of SD-WAN group is displayed.

Deleting Multiple SD-WAN Groups
To delete SD-WAN groups:

  1. Navigate to Network | SDWAN > Groups.
  2.  Hover over an SD-WAN group, click the Delete All icon.
  3. Click Confirm.
    The message confirming the deletion of all SD-WAN groups is displayed.

SLA Probes

About SLA Probes
Network path performance metrics are determined using SD-WAN SLA probes, which are similar to Network Monitor Probes. SonicOS supports ICMP and TCP probe types. An SD-WAN SLA probe can be used by multiple Path Selection Profiles. For further information, see About Path Selection Profiles.
The Network | SD-WAN > SLA Probes page shows the dynamic performance data (latency/jitter/packet loss) and probe status for each path (interface) in the SD-WAN group, in both tabular and graphic displays. The display can show data for the last minute (default), last day, last week, or last month.


| Number of the probe. The Collapse/Expand icon toggles the display of the graphs.
---|---
NAME| Name of the SD-WAN SLA probe.
SD-WAN GROUP| Name of the SD-WAN group associated with the SD-WAN SLA probe.
PROBE TARGET NAME| Target address object of the SD-WAN SLA probe.
NOTE: This field is empty for VPN based interfaces.
PROBE TYPE| Type of SLA probe:
• Ping–Explicit Route
• TCP–Explicit Route
NOTE: When “TCP-Explicit Route” is selected, both Port field and “RST Response Counts As Miss” become available.
PORT| Port for the SD-WAN SLA probe. The minimum/maximum values are 1 to 65535.
NOTE: Ports are displayed only for TCP – Explicit Route probe types. A hyphen (–) displays for Ping – Explicit Route probe types.
INTERVAL (S)| Time between SD-WAN SLA probes, in seconds.
LATENCY (MS)| Round trip delay for the probes sent through a particular path/interface to reach the probe target and acknowledge back, in milliseconds. This is also displayed as a graph below the probe’s entry in the SLA Probe table.
JITTER (MS)| Variation in the latency measurements for the probes through a particular path/interface, in milliseconds. This is also displayed as a graph below the probe’s entry in the SLA Probe table.
PACKET LOSS (%)| Percentage of probes that are missed of the probes sent through a particular path/interface. This is also displayed as a graph below the probe’s entry in the SLA Probe table.
ADDITIONAL INFO| When you hover over the icon, you can view the data for the following: Response timeout, Success Threshold, Failure Threshold, & RST in Failure.
COMMENTS| Displays the comment entered when the SLA probe was configured.

Configuring SLA Probes

Adding SD-WAN SLA Probes
IMPORTANT: A SLA Probe is created automatically for an SD-WAN Group containing a VPN numbered tunnel interface/unnumbered tunnel interface. You do not need to create an additional SLA probe.

To add a SLA probe for non-VPN SD-WAN Groups:

  1. Navigate to Network | SDWAN > SLA Probes.

  2. Click the Add icon.
    The Add SD-WAN SLA Probe dialog is displayed.

  3. Enter a meaningful name in the Name field.

  4.  Select an SD-WAN group from SD-WAN Group drop-down menu.

  5.  Select an address object from Probe Target.

  6.  From Probe Type, select:
    • Ping (ICMP) – Explicit Route (default); go to Step 8.
    • TCP – Explicit Route; the Port field becomes available.

  7.  Enter the port number of the explicit route in the Port field.

  8. Enter the interval between probes in the Probe hosts every field. The minimum is 1 second, the maximum is 3600 seconds, and the default is 3 seconds.
    TIP: The probe interval must be greater than the reply timeout.

  9.  Enter the maximum delay for a response in the Reply time out … seconds field. The minimum is 1 second, the maximum is 60 seconds, and the default is 1 second.

  10. Enter the maximum number of missed intervals before the SLA probe is set to the DOWN state in the Probe state is set to DOWN after … missed intervals field. The minimum number is 1, the maximum is 100, and the default is 3.

  11.  Enter the maximum number of successful intervals before the SLA probe is set to the UP state in the Probe state is set to UP after … successful intervals field. The minimum number is 1, the maximum is 100, and the default is 1.

  12.  If you selected TCP – Explicit Route for Probe Type, the RST Response Counts As Miss option becomes available. Select the option to count RST responses as missed intervals. This option is not selected by default.

  13. Optionally, enter a comment in the Comment field.

  14. Click Add.
    A confirmation message is displayed.
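
The probe settings in steps 6 to 12 interact: the timeout and RST option decide what counts as a missed interval, and the two thresholds decide when the state flips. The following Python model is an added example, not SonicOS code. It assumes the thresholds count consecutive intervals, that latency is the mean round-trip time of answered probes, and that jitter is the mean difference between consecutive round-trip times; the sample replies and port 443 are constructed.

```python
from dataclasses import dataclass
from statistics import mean
from typing import Optional


@dataclass
class ProbeConfig:
    probe_type: str = "ping"          # "ping" or "tcp" (both Explicit Route)
    port: Optional[int] = None        # TCP probes only, 1-65535
    interval_s: int = 3               # "Probe hosts every", 1-3600, default 3
    reply_timeout_s: int = 1          # "Reply time out", 1-60, default 1
    down_after_missed: int = 3        # missed intervals before DOWN, 1-100
    up_after_success: int = 1         # successful intervals before UP, 1-100
    rst_counts_as_miss: bool = False  # TCP only, not selected by default

    def validate(self):
        """Return violations of the ranges and the TIP given in the procedure."""
        errors = []
        if self.probe_type not in ("ping", "tcp"):
            errors.append("probe type must be ping or tcp")
        if self.probe_type == "tcp" and not (self.port and 1 <= self.port <= 65535):
            errors.append("tcp probe needs a port in 1-65535")
        if self.probe_type == "ping" and self.rst_counts_as_miss:
            errors.append("RST option applies to tcp probes only")
        limits = (
            ("probe interval", self.interval_s, 1, 3600),
            ("reply timeout", self.reply_timeout_s, 1, 60),
            ("missed intervals", self.down_after_missed, 1, 100),
            ("successful intervals", self.up_after_success, 1, 100),
        )
        for label, value, low, high in limits:
            if not low <= value <= high:
                errors.append(f"{label} must be in {low}-{high}")
        if self.interval_s <= self.reply_timeout_s:
            errors.append("probe interval must be greater than the reply timeout")
        return errors


def is_miss(cfg, kind, rtt_ms):
    """kind is 'reply', 'rst' or 'none'; rtt_ms is None when nothing came back."""
    if kind == "none" or rtt_ms > cfg.reply_timeout_s * 1000:
        return True
    if kind == "rst":
        return cfg.rst_counts_as_miss
    return False


def run_probe(cfg, samples, initially_up=True):
    """Replay one result per probe interval and track state and metrics."""
    errors = cfg.validate()
    if errors:
        raise ValueError("; ".join(errors))
    up, missed_run, ok_run, misses = initially_up, 0, 0, 0
    rtts, timeline = [], []
    for kind, rtt_ms in samples:
        if is_miss(cfg, kind, rtt_ms):
            misses += 1
            missed_run, ok_run = missed_run + 1, 0
            if up and missed_run >= cfg.down_after_missed:
                up = False
        else:
            rtts.append(rtt_ms)
            ok_run, missed_run = ok_run + 1, 0
            if not up and ok_run >= cfg.up_after_success:
                up = True
        timeline.append("UP" if up else "DOWN")
    deltas = [abs(b - a) for a, b in zip(rtts, rtts[1:])]
    return {
        "timeline": timeline,
        "latency_ms": mean(rtts) if rtts else None,
        "jitter_ms": mean(deltas) if deltas else None,
        "loss_pct": 100.0 * misses / len(samples) if samples else 0.0,
    }


# Constructed replies for a TCP probe: (kind, round-trip time in ms).
SAMPLES = [("reply", 20), ("reply", 30), ("rst", 5), ("none", None),
           ("reply", 1500), ("reply", 40), ("reply", 20)]

if __name__ == "__main__":
    for rst in (False, True):
        cfg = ProbeConfig(probe_type="tcp", port=443, rst_counts_as_miss=rst)
        print(rst, run_probe(cfg, SAMPLES))
```

With the default setting, a target that answers with RST keeps the probe UP and feeds a very short round-trip time into the latency figure, so select RST Response Counts As Miss when a reset means the service is not actually reachable.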

Editing an SD-WAN SLA Probe
To edit an SD-WAN SLA probe:

  1. Navigate to Network | SDWAN > SLA Probes.

  2. Hover over the SD-WAN SLA probe and click the Edit icon that appears.

  3. The Edit SD-WAN SLA Probe dialog displays.

  4. Make changes as described in Adding SD-WAN SLA Probes.

  5.  Click Save.

Deleting an SD-WAN SLA Probe
To delete an SD-WAN SLA probe:

  1. Navigate to Network | SD-WAN > SLA Probes.

  2. Hover over the SD-WAN SLA probe and click the Delete icon that appears.
    A confirmation message is displayed.

  3. Click Confirm.

Deleting Multiple SD-WAN SLA Probes
To delete multiple SD-WAN SLA probes:

  1. Navigate to Network | SDWAN > SLA Probes.

  2. Click Delete All icon at the top of the SD-WAN SLA Probe table.
    A confirmation message is displayed.

  3. Click Confirm.

SLA Class Objects

About SLA Class Objects
A SLA Class specifies the SLA criterion for selecting the optimal path. It could be the:

  • Best latency/jitter/packet loss among the existing paths.
  • SLA Class Object that defines the metric thresholds for any combination of latency, jitter and packet loss.

You use SD-WAN SLA Class Objects to configure the desired SLA characteristics for the application/traffic categories. These objects are used in the Path Selection Profile to automate the selection of paths based on these metrics.
These are the default SLA Class Objects:

  • Lowest Jitter
  • Lowest Latency
  • Lowest Packet Loss

NOTE: These default SLA Class Objects cannot be edited or deleted.
You can configure custom SLA thresholds that best meet the needs of your application/traffic categories with custom SLA Class Objects. You can include or exclude the Latency, Jitter, or Packet Loss attributes in your custom object, although you cannot exclude all three attributes in the same object. When excluded, the value of that attribute is not used as a criterion or threshold when determining whether a particular path is qualified or not. For example, if you want to evaluate a particular path only on the Latency attribute but you don’t care about the other attributes, you can include Latency and exclude Jitter and Packet Loss in your custom object.


NAME| Name of the SLA Class Object
LATENCY (MS)| Threshold time for the round trip delay for the probes sent through a particular path/interface to reach the probe target and acknowledge back, in milliseconds. For the Lowest Latency SLA Class Object, the time is always LOWEST; for the other default SLA Class Objects, a hyphen (–) displays.
JITTER (MS)| Threshold variation in the latency measurements for the probes through a particular path/interface, in milliseconds. For the Lowest Jitter SLA Class Object, the time is always LOWEST; for the other default SLA Class Objects, a hyphen (–) displays.
LOSS (%)| Threshold percentage of probes that are missed of the probes sent through a particular path/interface. For the Lowest Packet Loss SLA Class Object, the percentage is always LOWEST; for the other default SLA Class Objects, a hyphen (–) displays.
COMMENT| Displays the comment entered when the SLA Class Object was configured.

Configuring SD-WAN SLA Class Objects

Adding an SD-WAN SLA Class Object
To add a SLA Class Object:

  1.  Navigate to Network | SDWAN > SLA Class Objects.

  2. Click the Add icon.
    The Add SLA Class Object dialog appears.

  3.  Enter a meaningful name in the Name field.

  4.  Enable Include Latency to include the SLA class latency attribute for this object, or disable it to exclude the latency attribute. This option is selected by default.

  5.  If Include Latency is enabled, enter the acceptable latency, in milliseconds, in the Latency (ms) field.
    The minimum is 0 milliseconds, the maximum is 1000 milliseconds, and the default is 0 milliseconds.

  6.  Enable Include Jitter to include the SLA class jitter attribute for this object, or disable it to exclude the jitter attribute.
    This option is selected by default.

  7.  If Include Jitter is enabled, enter the acceptable jitter, in milliseconds, in the Jitter (ms) field. The minimum is 0 milliseconds, the maximum is 1000 milliseconds, and the default is 0 milliseconds.

  8.  Enable Include Loss to include the SLA class packet loss attribute for this object, or disable it to exclude the packet loss attribute. This option is selected by default.

  9.  If Include Loss is enabled, enter the acceptable percentage of packet loss in the Loss (%) field. The minimum is 0, the maximum is 100, and the default is 0.
    NOTE:
    1. You cannot exclude all three attributes (Latency, Jitter, Packet Loss) in the same object.
    2. You can view the SLA Probe section to see what you are getting on each link to determine practical thresholds.

  10. Optionally, enter a comment in the Comment field.

  11. Click OK.

Editing an SD-WAN SLA Class Object
To edit an SD-WAN SLA class object:

  1.  Navigate to Network | SDWAN > SLA Class Objects.
  2.  Hover over a SLA class object, click the Edit icon. The Edit SLA Class Object dialog appears, make required changes as described in Adding an SD-WAN SLA Class Object.
  3.  Click OK.

Deleting an SD-WAN SLA Class Object
To delete an SD-WAN SLA Class Object:

  1. Navigate to Network | SDWAN > SLA Class Objects.

  2. Hover over an object and click the Delete icon.

  3. Click Confirm in the confirmation prompt that is displayed.

Deleting All Custom SLA Class Objects

To delete multiple SD-WAN SLA Class Objects:

  1. Navigate to Network | SDWAN > SLA Class Objects.

  2.  To delete all the Custom SLA Class Objects, click Delete All icon at the top of the SLA Class Object table.
    A confirmation message is displayed.

  3. Click Confirm.

Path Selection Profiles

About Path Selection Profiles
Path Selection Profiles (PSPs) determine the network paths or interfaces that satisfy a specific network SLA criteria from a pool (SD-WAN Group) of available network paths/interfaces.
The dynamic path selection mechanism is implemented using the PSP settings when associated with Policy-based Routes (PBR). When more than one network path meets the criterion (as per the SLA class in the PSP), then traffic is load balanced among the qualified network paths/interfaces. When associated with a policy-based routing policy or SD-WAN Rule, a Path Selection Profile helps select the optimal path among the SD-WAN interfaces for the application/service.


Name| Name of the Path Selection Profile.
SD-WAN Group| SD-WAN interface group to which the profile applies.
Interface Status| Status of the members of the SD-WAN interface group:
• Qualified (green)
• Not Qualified (red)
SLA Probe| SLA Probe used by the Path Selection Profile.
SLA Class Object| SLA Class Object used by the Path Selection Profile:
• Lowest Latency
• Lowest Jitter
• Lowest Packet Loss
• Custom SLA Class Object
Backup Interface| Indicates the interface chosen when none of the SD-WAN group interfaces meet the performance criteria. If a backup interface was not chosen, None displays.
Probe Default UP| Indicates whether the default state of the SLA probe is:
• UP (Checkmark icon)
• DOWN (Crossmark icon)

Configuring Path Selection Profiles

Adding Path Selection Profile
To add a Path Selection Profile:

  1. Navigate to Network | SDWAN > Path Selection Profiles.

  2. Click the Add icon above the table.
    The Add SD-WAN Path Selection Profile dialog is displayed.

  3.  Add a meaningful name in the Name field.

  4.  From SD-WAN Group, select the SD-WAN interface group to which the profile applies.
    You have an option to create a new SD-WAN group from this dialog and then select the newly created group.

  5.  From SLA Probe, select the probe to use in the profile.
    A probe, if added for the SD-WAN group you selected, is displayed by default. Otherwise, select the appropriate probe.

  6.  From SLA Class, select the SLA Class Object for the dynamic selection of the optimal network path:
    • Lowest Latency
    • Lowest Jitter
    • Lowest Packet Loss
    • Custom SLA Class Object
    You have an option to create a New SLA Class Object from the drop-down menu.

  7. From Backup Interface, select the most optimum interface to use when all the SD-WAN Group interfaces fail to meet the SLA criteria specified in SLA Class:
    • None (default)
    • Individual interface
    • VPN Tunnel Interface (if any)
    NOTE: If you select a VPN Tunnel interface as the backup interface, the tunnel interface selected in Backup Interface should be the same on both firewalls.

  8. To specify whether the default state of the SLA probe should be treated as DOWN, disable SLA Probe default state is UP. This option is enabled by default and is treated as UP.

  9. For path selection profiles with Non-VPN SD-WAN groups, if existing connections on the path should be reset when the path does not meet the performance criteria any more, select Reset conditions if path does not meet the performance criteria. This option is disabled by default.

  10.  Click Save.
    A confirmation message is displayed.

Editing a Path Selection Profile
To edit a Path Selection Profile:

  1. Navigate to Network | SDWAN > Path Selection Profiles.
  2. Hover over a path selection profile, click the Edit icon. The Edit SD-WAN Path Selection Profile dialog is displayed.
  3. Make changes as described in Adding Path Selection Profile.
  4. Click Save.

Deleting a Path Selection Profile
To delete an SD-WAN Path Selection Profile:

  1.  Navigate to Network | SDWAN > Path Selection Profiles.
  2.  Hover over a path selection profile, click the Delete icon.
  3.  Click OK to confirm deletion.

Deleting Multiple Path Selection Profiles
To delete multiple Path Selection Profiles:

  1. Navigate to Network | SDWAN > Path Selection Profiles.

  2. Select the profiles that you want to delete or click the Delete All icon above the Path Selection Profiles table to delete all the profiles.

  3. Click OK to confirm deletion.

SD-WAN Rules

About SD-WAN Rules
SD-WAN Rules bring Path Selection Profiles and routing criteria together to provide dynamic path selection. SD-WAN Rules combine a Path Selection Profile with either a Source and/or Destination and/or Service Object/Group or a specific Match Object of type “Application List” or “Application Category List” which determines the outgoing path dynamically based on the Path Selection Profile’s parameters. If there is more than one path qualified by the Path Selection Profile, the traffic is automatically load balanced among the qualified paths. If none of the paths are qualified by the Path Selection Profile and the backup interface in the profile is not configured or is down, the rule is disabled.
TIP: SD-WAN Rules can also be configured or viewed from the Policy | Rules and Policies > Routing Rules page. The Network | SDWAN > Rules page, however, only shows the SD-WAN Rules and only allows configuration of SD-WAN-type rules.


NAME| Name of the SD-WAN Rule.
IP VERSION| The IP version is shown by an icon showing whether the rule is for IPv4 and/or IPv6.
SOURCE| Source address object for the SD-WAN Rule.
DESTINATION| Destination address object for the SD-WAN Rule.
SERVICE| Service object for the SD-WAN Rule. If App was selected instead of Service for the type of rule, N/A appears.
APP| Application match object for the SD-WAN Rule. If Service was selected instead of App for the type of rule, N/A appears.
NOTE: “Application List” or “Application Category List” Match Objects used here are created at Object | Match Objects > Match Objects.
TOS/Mask| Hexadecimal TOS and TOS Mask. If these options were not configured, this field is blank.
PATH PROFILE| Path Selection Profile for the SD-WAN Rule.
INTERFACE| SD-WAN interface group associated with the SD-WAN Rule.
METRIC| Metric used for the SD-WAN Rule.
PRIORITY| Priority of the rule in Routing Rules route table.
COMMENT| When you hover over the comment icon, the comment entered when the SDWAN Rule was configured is displayed.

Configuring SD-WAN Rules

Adding SD-WAN Rules
To add an SD-WAN rule:

  1.  Navigate to Network | SDWAN > Rules.

  2. Click the Add SDWAN Rule icon. The Add SDWAN Rule dialog is displayed.
    NOTE: The Interface and Disable rule when the interface is disconnected options are dimmed and cannot be edited. The Interface option is populated with the SDWAN group name associated with the Path Selection Profile (PSP) you select.

  3. Enter a meaningful name in the Name field.

  4. From Source, select the source address object for the static route or select Create new Address object to dynamically create a new address object. The default is Any.

  5. From Destination, select the destination address object or select Create new Address object to dynamically create a new address object. The default is Any.

  6. Choose the type of rule:
    • Service (default)
    • App
    IMPORTANT: Application Control Licensing is required for application-based rules.

  7.  If you selected Service, select a Service Object from the drop-down. For a generic static rule that allows all traffic types, simply select Any (the default).

  8. If you selected App, select an App Match Object from App Object drop-down.
    NOTE: “Application List” or “Application Category List” Match Objects used here are created at Object | Match Objects > Match Objects.

  9. From Path Profile, select a Path Selection Profile.

  10.  Enter the Metric (weighted cost) for the route. The minimum is 1, and the maximum is 254.
    TIP: Lower metrics are considered better and take precedence over higher metrics (costs).

  11. Optionally, enter a Comment for the route policy. This field allows you to enter a descriptive comment for the new static route policy.

  12. To permit acceleration on the route policy, enable Permit Acceleration.

  13. Click Advanced.

  14.  Optionally enter a TOS value in the TOS (Hex) field. The maximum value is FF. If the TOS and TOS Mask fields are not configured, a value of 0 is used.

  15. Enter the same value in the TOS Mask (Hex) field.

  16. To manually specify an administration distance:
    a. Deselect Auto. This option is selected by default.
    The Admin Distance field becomes available.
    b. Enter the administration distance in the Admin Distance field.

  17. Click Add.

Editing SD-WAN Rules
To edit an SD-WAN rule:

  1. Navigate to Network | SDWAN > Rules.

  2.  Hover over a rule and click the Edit icon.

  3. The Update SDWAN Rule dialog is displayed.

  4. Make changes as described in Adding SD-WAN Rules.

  5. Click Update.

Deleting SD-WAN Rule
To delete a rule:

  1. Navigate to Network | SDWAN > Rules.
  2. Hover over a rule and click the Delete icon.
  3. Click Confirm.

Deleting Multiple SD-WAN Rules
To delete multiple SD-WAN Rules:

  1. Navigate to Network | SDWAN > Rules.

  2. Select the Path Selection Profiles to delete or click the Delete All icon above the SD-WAN Rules table.

  3. Click Confirm.

Monitoring SD-WAN

NOTE: A chart may be empty or blank if there are no recent data entries received within the viewing range.


To monitor SD-WAN SLA:

  1.  Navigate to Monitor | SD-WAN > SDWAN Monitor.

  2. From the SD-WAN Probes drop-down box, select the SLA probe you would like to use for monitoring.

  3. Indicate the Refresh rate, in seconds, in the Refresh Every field.

  4.  Select a View Range:
    • 60 seconds (default)
    • 2 minutes
    •  5 minutes
    • 10 minutes

  5. Choose an interface to track or select All Interfaces from the drop-down menu on the right side.

Viewing SD-WAN Rules Connections

You can view the connections that have been associated with SD-WAN Rules on the Monitor | SDWAN > SDWAN Connections page.

  • To view the activities associated with IPv4 SD-WAN Rules, click the IPv4 tab.
  • To view the activities associated with IPv6 SD-WAN Rules, click the IPv6 tab.

SD-WAN CONNECTION DETAILS

SRC MAC| MAC address of the appliance that is the source of the connection.
SRC VENDOR| Name of the vendor of the appliance that is the source of the connection.
SRC IP| IP address of the appliance that is the source of the connection.
SRC PORT| Port on the appliance that is the source of the connection.
DST MAC| MAC address of the appliance that is the destination of the connection.
DST VENDOR| Name of the vendor of the appliance that is the destination of the connection.
DST IP| IP address of the appliance that is the destination of the connection.
DST PORT| Port on the appliance that is the destination of the connection.
PROTOCOL| Protocol used for the connection.
SRC IFACE| Interface on the appliance that is the source of the connection.
DST IFACE| Interface on the appliance that is the destination of the connection.
SRC ROUTE| Source route of the connection.
DST ROUTE| Destination route of the connection.
FLOW TYPE| Type of data flow control, such as FTP Control.
IPS CATEGORY| Internet Provider Security (IPS) category. If this information is not available or relevant, the column displays N/A.
ABR APP ID| App-Based Routing Application ID.
ABR CATEGORY ID| App-Based Routing Category ID.
EXPIRY (SEC)| Number of seconds until the connection expires.
TX BYTES| Number of bytes transmitted on the connection.
RX BYTES| Number of bytes received on the connection.
TX PKTS| Number of packets transmitted on the connection.
RX PKTS| Number of packets received on the connection.
Flush| Displays the Flush icon. Clicking the icon flushes the connection.
Total| Total number of entries on the page. This is displayed at the bottom of the page.

You can perform the following actions on the SD-WAN Connections page:

  • To search a log, enter a keyword related to an activity in the Search bar.
  • To filter the logs, click the Filter icon, select the appropriate filter options, and then click APPLY FILTERS.
  • To clear the filters applied, click the Clear Filter icon.
  • To export the logs in CSV or TEXT files, click the Export icon and select the required format.
  • To refresh the page, click the Refresh icon.
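
The CSV export can be checked offline to confirm that traffic is actually leaving through the interfaces of the intended SD-WAN group and to see how it is spread across them. The script below is an added example, not SonicWall code. It assumes the exported CSV uses the column headings of the SD-WAN Connections table as its header row and that DST IFACE is the interface the connection leaves through; the sample rows and the interface names X1, X2 and X5 are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; header names are ASSUMED to match the
# column headings of the SD-WAN Connections table.
SAMPLE_EXPORT = """\
SRC IP,SRC PORT,DST IP,DST PORT,PROTOCOL,SRC IFACE,DST IFACE,TX BYTES,RX BYTES
192.0.2.10,51514,198.51.100.7,443,TCP,X0,X1,1200,5400
192.0.2.11,51620,198.51.100.7,443,TCP,X0,X2,800,2600
192.0.2.12,40022,203.0.113.9,22,TCP,X0,X5,300,700
192.0.2.13,53000,203.0.113.53,53,UDP,X0,X1,N/A,N/A
"""


def _to_int(value):
    """Return a byte counter as int; blank, missing or non-numeric cells count as 0."""
    try:
        return int(value.strip())
    except (AttributeError, ValueError):
        return 0


def audit_connections(csv_text, group_interfaces):
    """Summarise bytes per egress interface and list flows leaving the SD-WAN group."""
    allowed = {name.upper() for name in group_interfaces}
    bytes_per_iface = defaultdict(int)
    outside_group = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        iface = (row.get("DST IFACE") or "").strip().upper()
        if not iface:
            continue  # skip blank or truncated rows
        total = _to_int(row.get("TX BYTES")) + _to_int(row.get("RX BYTES"))
        bytes_per_iface[iface] += total
        if iface not in allowed:
            outside_group.append((row["SRC IP"], row["DST IP"], row["DST PORT"], iface))
    grand_total = sum(bytes_per_iface.values()) or 1  # avoid division by zero
    share = {i: round(b / grand_total, 3) for i, b in bytes_per_iface.items()}
    return dict(bytes_per_iface), share, outside_group


if __name__ == "__main__":
    totals, share, outside = audit_connections(SAMPLE_EXPORT, ["X1", "X2"])
    print("bytes per egress interface:", totals)
    print("traffic share:", share)
    for src, dst, port, iface in outside:
        print(f"outside SD-WAN group: {src} -> {dst}:{port} via {iface}")
```

A flow reported outside the group is a prompt to review which rule, Path Selection Profile or backup interface carried it.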

SonicWall Support

Technical support is available to customers who have purchased SonicWall products with a valid maintenance contract.
The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. To access the Support Portal, go to https://www.sonicwall.com/support.
The Support Portal enables you to:

About This Document
SonicOS SD-WAN Administration Guide
Updated – December 2023
Software Version – 7.1
232-005874-00 Rev A
Copyright © 2023 SonicWall Inc. All rights reserved.
The information in this document is provided in connection with SonicWall and/or its affiliates’ products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, SONICWALL AND/OR ITS AFFILIATES ASSUME NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL SONICWALL AND/OR ITS AFFILIATES BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF SONICWALL AND/OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SonicWall and/or its affiliates make no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. SonicWall and/or its affiliates do not make any commitment to update the information contained in this document. For more information, visit https://www.sonicwall.com/legal.

End User Product Agreement
To view the SonicWall End User Product Agreement, go to: https://www.sonicwall.com/legal/end-user-product-agreements/.

Open Source Code
SonicWall Inc. is able to provide a machine-readable copy of open source code with restrictive licenses such as GPL, LGPL, AGPL when applicable per license requirements. To obtain a complete machine-readable copy, send your written requests, along with certified check or money order in the amount of USD 25.00 payable to “SonicWall Inc.”, to:

General Public License Source Code Request
Attn: Jennifer Anderson
1033 McCarthy Blvd
Milpitas, CA 95035