Prerequisites for Using SD-WAN Summary Dashboard

  • You must be an Admin, Security Analyst, or Maintenance user to view this dashboard. See Secure Firewall Management Center and Cloud-delivered Firewall Management Center User Role Mapping for more information.

  • Threat defense devices must be Version 7.2 or later.

  • Enable IP-based path monitoring and HTTP-based application monitoring on the WAN interfaces.

    1. Choose Devices > Device Management.

    2. Click the edit icon adjacent to the device that you want to edit.

    3. Click the edit icon adjacent to the interface that you want to edit.

    4. Click the Path Monitoring tab.

    5. Check the Enable IP based Monitoring check box.

    6. Check the Enable HTTP based Application Monitoring check box.

    7. Click OK.

  • Configure a PBR policy with at least one application configured for monitoring:

    1. Choose Devices > Device Management.

    2. Click the edit icon adjacent to the device that you want to edit.

    3. Click Routing.

    4. In the left pane, click Policy Based Routing.

    5. Click Add.

    6. From the Ingress Interface drop-down list, choose an interface.

    7. Click Add to configure a forwarding action.

    8. Configure the parameters.

    9. Click Save.

  • To view the application performance metrics for the WAN interfaces, the following requirements must be met:

    • Threat defense devices must be Version 7.4.1.

    • Enable data collection from the SD-WAN module in the health policy.

      1. Choose System > Policy.

      2. Click the Edit health policy icon.

      3. In the Health Modules tab, under SD-WAN, click the SD-WAN Monitoring toggle button.

    • Configure applications for the PBR policies.

      1. Choose Objects > Object Management > Access List > Extended.

      2. Click the edit icon adjacent to the access list and add the applications for the PBR policy.

    • Configure the forwarding action for the policy with one of the four application metrics.

      1. Choose Devices > Device Management.

      2. Click the edit icon adjacent to the device that you want to edit.

      3. Click Routing.

      4. In the left pane, click Policy Based Routing.

      5. Click the edit icon adjacent to the policy that you want to edit.

      6. In the Edit Policy Based Route dialog box, click the edit icon adjacent to the corresponding ACL.

      7. In the Edit Forwarding Actions dialog box, from the Interface Ordering drop-down list, choose one of the following options:

        • Minimal Jitter

        • Maximum Mean Opinion Score

        • Minimal Round-Trip Time

        • Minimal Packet Loss

        If you choose Interface Priority or Order, application monitoring is not enabled on the interface.

    • Configure ECMP on the WAN interfaces:

      1. Choose Devices > Device Management.

      2. Click the edit icon adjacent to the device that you want to edit.

      3. Click Routing.

      4. In the left pane, click ECMP.

      5. Click Add and specify a name for the ECMP zone.

      6. Click Add to move interfaces from Available Interfaces to Selected Interfaces.

      7. Click OK.

    • Ensure that traffic passes through the interface.

    • Enable DNS inspection on each WAN device so that the threat defense device can do DNS snooping, and configure the trusted DNS servers:

      1. Choose Devices > Platform Settings.

      2. Click the edit icon adjacent to the threat defense policy that you want to edit.

      3. In the left pane, click DNS.

      4. Click the DNS Settings tab.

      5. Check the Enable DNS name resolution by device check box.

      6. Click the Trusted DNS Servers tab.

      7. Do one of the following:

        • Click the Trust Any DNS server toggle button.

        • Under Specify DNS Servers, click Edit to add trusted DNS servers.

  • To view syslogs when you click Uplink Decisions, you must:

    • Choose Devices > Platform Settings and create or edit a threat defense policy.

    • In the left pane, click Syslog.

    • Click the Logging Setup tab.

    • Check the Enable Logging check box to turn on the data plane system logging for the threat defense device.

    • Click the All Logs radio button to enable logging of all the troubleshooting syslog messages.

      or

      Click the VPN Logs radio button to enable logging of only the VPN troubleshooting messages.

    • Click Save.