Scenario: Directing application traffic to a transport service
Kaspersky SD-WAN supports application-level traffic identification. This functionality can be used when defining QoS policies for the following purposes:
- Directing application traffic through a specific WAN interface of a CPE device, for example, in accordance with the SLA values of path metrics.
- Dropping the traffic of a certain application on the CPE device to prevent this traffic from entering the SD-WAN network.
This scenario provides step-by step instructions for directing traffic of one or more applications to the transport service. Before following this scenario, you must create a transport service to which the application traffic is to be directed.
The scenario for directing application traffic to a transport service involves the following steps:
- Creating a traffic classification rule
A traffic classification rule is used to identify the traffic of a specific application from the overall data stream. When creating a traffic classification rule, you must select the L3 protocol on the L3 fields tab, and select the application whose traffic you want to direct to the transport service on the DPI tab.
To direct traffic of multiple applications to a transport service, create a traffic classification rule for each of them.
- Creating a traffic filter
A traffic filter determines whether the routing of an application's traffic is allowed. When creating a traffic filter, you must add a traffic classification rule for an application or multiple classification rules.
- Creating an ACL interface
An ACL interface applies a filter to traffic that passes through it. When creating an ACL interface, you must select a traffic filter for the application.
- Adding the ACL interface to the transport service
You must edit the settings of the transport service and add an ACL interface through which application traffic will arrive to the service.
