-
Log in to Check Point Infinity Portal.
-
Click the top left > in the section Quantum, click SD-WAN.
The SD-WAN Policy opens.
-
From the top toolbar, create a new rule.
-
Optional: In the Name column of the rule, click and enter the applicable text.
-
In the Source column of the rule, click the (+) icon > select the applicable asset objects > click OK.
-
In the Destination column of the rule, click the (+) icon > select the applicable asset objects > click OK.
See Objects Supported in SD-WAN Policy.
Best Practice - Use Updatable Objects in the "Destination" column of the SD-WAN Policy. This allows matching of application connections on the first packet and most accurate traffic steering.
-
In the Services & Applications column of the rule, click the (+) icon > click Services or Applications > select the applicable objects > click OK.
-
In the Behavior column of the rule, click the (+) icon > select the applicable Steering Behavior object > click OK.
See Configuring Steering Behavior.
Note - You can select only one Steering Behavior object in a rule. If you select a different object, then it replaces the current object.
-
In the Enforcement column of the rule, click the (+) icon > select the applicable profile objects > click OK.
Note - Select the profile you created in Infinity Portal:
-
From the top toolbar, click Publish to save the changes.
-
From the top toolbar, click Enforce to apply the changes.
The orange frame on this button means there are changes that are not enforced.
In the popup window that opens, click Publish & Enforce Policy.
Configuring SD-WAN Policy
|
Important - If you did not to use the SD-WAN Wizard during the initial deployment, then you must configure the required settings manually. |
Configuring SD-WAN Policy
-
Log in to Check Point Infinity Portal.
-
Click the top left > in the section Quantum, click SD-WAN.
The SD-WAN Policy opens.
-
From the top toolbar, create a new rule.
-
Optional: In the Name column of the rule, click and enter the applicable text.
-
In the Source column of the rule, click the (+) icon > select the applicable asset objects > click OK.
-
In the Destination column of the rule, click the (+) icon > select the applicable asset objects > click OK.
See Objects Supported in SD-WAN Policy.
Best Practice - Use Updatable Objects in the "Destination" column of the SD-WAN Policy. This allows matching of application connections on the first packet and most accurate traffic steering.
-
In the Services & Applications column of the rule, click the (+) icon > click Services or Applications > select the applicable objects > click OK.
-
In the Behavior column of the rule, click the (+) icon > select the applicable Steering Behavior object > click OK.
See Configuring Steering Behavior.
Note - You can select only one Steering Behavior object in a rule. If you select a different object, then it replaces the current object.
-
In the Enforcement column of the rule, click the (+) icon > select the applicable profile objects > click OK.
Note - Select the profile you created in Infinity Portal:
-
From the top toolbar, click Publish to save the changes.
-
From the top toolbar, click Enforce to apply the changes.
The orange frame on this button means there are changes that are not enforced.
In the popup window that opens, click Publish & Enforce Policy.
|
Note - To disable a rule, in the Number column, click the three-dots on the right side of the rule number. Example:
|
Objects Supported in SD-WAN Policy
This section provides a list of objects you can use in various columns of SD-WAN policy rules.
-
Host
-
Network
-
Address Range
-
Security Zone
-
Dynamic Object
-
Domain
-
Security Gateway Object
-
Cluster Object
-
Cluster Member Object
-
Network Groups
-
Access Role
SD-WAN supports Updatable Objects documented in sk131852.
-
TCP
service -
UDP
service -
Other
service -
SCTP
service -
Service Group
-
Check Point Applications
-
Application/Site Group
-
Custom Application/Site