Creating SD-WAN Policy Intents

You can create policy intents for SD-WAN policies from the SD-WAN Policy page.

To create an SD-WAN policy intent:

Select Configuration > SD-WAN > SD-WAN Policy in Customer Portal.
The SD-WAN Policy page appears.
Click the add icon (+).
The options to create policy intents appear inline on the SD-WAN Policy page.
Enter the policy intent information according to the guidelines provided in Table 1.
Click Save to create the policy intent.
The SD-WAN policy intent is saved and a confirmation message is displayed.

Note:
After the policy intent is created, you must deploy the policy to ensure that the changes take effect on the applicable sites, departments, or applications. When an SD-WAN policy intent is created, the Undeployed field is incremented by one indicating that intents are pending deployment.

Note:

The SD-WAN Essentials service does not support department-level policy intents or SLA-based steering profiles.

Table 1: Create SD-WAN Policy Intent Settings
Field	Guidelines
Source	You can select the source endpoints in one of the following ways: Click the + box under the Source field and then, Select source endpoints from the displayed list of IP addresses or IP address range, departments, sites, or site groups, or a combination of these. Click the source endpoints to select them. Note: If you are selecting an IP address, you must also select a specific site (not All Sites) or department (or both). The options Any-IPv4 and Any-IPv6 do not apply to SD-WAN policy deployments. Select the source endpoints from the complete list of IP addresses or IP address range, departments, sites, and site groups. To view the complete list of IP addresses or IP address range, departments, sites, and site groups. Click View more results. The complete list of departments, sites, and site groups is displayed in the End Points pane on the right. (Optional) Hover over a department or site group and click the edit icon to edit the department or site group. You cannot edit a site. Click the add icon (+) to select the endpoint. Start typing the endpoint name in the Source field. As you type, the filtered list of source endpoints is displayed. You can click the displayed source endpoint to select it. Create IP addresses, site groups, or departments to select the source endpoint from the newly created site group or department. To create addresses, site groups, or departments: Click anywhere within the Source field. Click the lesser-than icon (<) on the right. The list of available departments, sites, and site groups is displayed in the End Points pane on the right. (Optional) To view more information about a source endpoint, hover over the endpoint click the details icon. Click the add icon (+) on the top right of the pane. Click Address, Department, or Site Group as needed. The Add Department page or Create Site Group page appears based on your selection. See Creating Addresses or Address Groups, Add a Department, and Creating Site Groups for information about creating the endpoints. Click the check mark icon (√) if you want to save the department or site group to the policy intent. Alternatively, if you want to discard your updates, click Cancel instead.
Destination/Application	You can select the application endpoints in one of the following ways: Note: You can choose Any in the Applications field, only if the selected sites were upgraded to CSO 6.1.0 or later versions. The options Any-IPv4 and Any-IPv6 do not apply to SD-WAN policy deployments. The SDWAN policy intents do not support selecting none in the Apps field. Click in the + box under the Destination/Application field and then, Select Destination/Application endpoints from the displayed list of addresses, services (Layer 4 applications), applications and application groups (Layer 7 application). Click the endpoints to select them. Note: Layer 4 applications (services) and Layer 7 applications (applications or application groups) are mutually exclusive. You can choose either the services or the applications in the same intent. Select the Destination/Application endpoints from the complete list of applications and application groups. To view the complete list of applications and applications groups. Click View more results. The complete list of applications and applications groups is displayed in the End Points pane on the right. (Optional) Hover over an application group and click the edit icon to edit the application group. (Optional) Hover over an application and click the details icon to view details about the application. Click the add icon (+) to select the endpoint. Start typing the endpoint name in the Destination/Application field. As you type, the filtered list of source endpoints is displayed. Create custom Destination/Application endpoints and select them. To create a Destination/Application endpoint: Click anywhere within the Application field. Click the lesser-than icon (<) on the right. The list of available applications, departments, sites, and site groups is displayed in the End Points pane on the right. Click the add icon (+) on the top right of the pane. Click Application > Application Signature/Application Signature Group, Address, or Service. See Creating Addresses or Address Groups, Creating Services and Service Groups, Adding Application Signatures, Adding Application Signature Groups for more information about creating the endpoints. Click the check mark icon (√) if you want to save the application signature group to the policy intent. Alternatively, if you want to discard your updates, click Cancel instead.
Traffic Steering Profile	Click the + field under the Traffic Steering Profile field and then select a breakout profile, SLA-based profile, or a path-based profile to apply to the source and application endpoints. You can select the profile in one of the following ways: Select the breakout profile, SLA-based profile, or the path-based profile from the displayed list of profiles. Click the profile to select it. Select the profile from the complete list of breakout, SLA-based, or path-based profiles: To view the complete list of breakout, SLA-based, or path-based profiles. Click View more results. The complete list of profiles is displayed in the End Points pane on the right. Click the add icon (+) to select the profile. Select the profile by creating a custom SLA-based, path-based, or breakout profile: To create a traffic steering profile: Click anywhere within the Traffic Steering Profile field. Click the lesser-than icon (<) on the right. Click the add icon (+) on the top right of the pane and select SLA-Based Steering Profiles, Breakout Profiles, or Path-Based Steering Profiles. For more information about creating the traffic steering profiles, see Adding Breakout Profiles, Adding SLA-Based Steering Profiles, and Adding Path-Based Steering Profiles.
Options
Name	Enter a name for the policy intent.
Description	Enter a description for the policy intent.

Creating SD-WAN Policy Intents

Related Documentation