Cisco Catalyst SD-WAN Policy Groups Configuration Guide, Releases 26.x and Later

PDF

Create an application priority and SLA policy

Updated: March 10, 2026

Want to summarize with AI?

Log in

Provides instructions for creating application priority and SLA policies, guiding users through configuration steps to establish differentiated services and enforce SLAs.

Follow these steps to create or edit an application priority and sLA policy.

Procedure

1.

Click + Application priority & SLA policy.l
2.

To edit an existing policy, click the ellipsis icon next to the policy under Action, and then click Edit.
3.

Choose one of these business relevance categories:

  • Gold (Business-relevant): Likely to be important for business operations, for example, WebEx software.

  • Silver (Default): No determination of relevance to business operations.

  • Bronze (Business-irrelevant): Unlikely to be important for business operations, for example, gaming software.

Within each business relevance category, the workflow groups applications into application lists, such as broadcast video, multimedia conferencing, and VoIP telephony.

Note
When you upgrade Cisco SD-WAN Manager, built-in protocol pack gets updated. This might affect the existing policy groups which are using the Application priority and SLA policy in the non-advanced layout. You need to redeploy the policies when there is an upgrade. If policy is in the advanced layout, the upgrade will not affect the policy group.
Table 1. Fabric traffic policy

Field

Description

Preferred Path

To configure a preferred path, choose one or more colors of the data plane tunnel or tunnels from the drop-down list. Traffic is load-balanced across all the tunnels. If no tunnels match the SLA, data traffic is sent through any available tunnel.

The preferences apply in order of priority to determine the path or color for forwarding traffic.

When SLA not met

Choose Strict/Drop to perform strict matching of the SLA class. If no data plane tunnel is available that satisfies the SLA criteria, traffic is dropped.

Choose Fallback to best path to configure the best available tunnel to avoid a packet drop. This is the default.

Backup Path : Path for traffic to use if the primary path fails.

Backup Path

To configure an alternate path for traffic flow, choose a path from the drop-down list.

Traffic Filtering

Click Edit to view and update app classification based on the business relevance. Choose a service provider class option and drag and drop the applications into different classes such as Gold or Bronze and click Save to update the configuration.

SLA

Add the SLA class in the traffic policy. Click Edit to configure the SLA class by adjusting the values for Loss (%), Latency (ms), or Jitter (ms) for the traffic policy.

QoS Queues

Click Add QoS Policy to add a QoS queue. Click Edit to configure the QoS Queues. Choose one of the following values for the QoS queuing model:

  • 4 Queues

  • 5 Queues

  • 6 Queues

  • 8 Queues

Table 2. Internet Offload Traffic

Field

Description

Secure Internet Gateway

Choose an application or application family list to tunnel traffic through a Secure Internet Gateway.

Enable Fallback to routing for traffic to undergo normal routing if the SIG tunnels are down.

Starting from Cisco Catalyst SD-WAN Manager Release 20.18.1 , you can choose a Cloud OnRamp for SaaS-capable application (Cloud OnRamp for SaaS applications with common user defined endpoints) from the Secure Internet Gateway dropdown.

Direct Internet Access

Select an application or application family list to allow direct internet access.

Enable Fallback to routing for traffic to undergo normal routing if Direct Internet Access (DIA) is not available.

Starting from Cisco Catalyst SD-WAN Manager Release 20.18.1 , you can choose a Cloud OnRamp for SaaS-capable application (Cloud OnRamp for SaaS applications with common user defined endpoints) from the Direct Internet Access dropdown.

Table 3. Apply Policy​

Field

Description

Target

Configure the following parameters:

  • Direction : Choose the direction for applying the policy:

    • All : Bidirection traffic flow

    • Service : Incoming traffic from service.

    • Tunnel : Incoming traffic from the tunnel.

  • VPN : Choose a target VPN from the drop-down list.

  • Interface : Specify a value or a variable for the Ethernet interface or DSL PPPoE interface type for applying the QoS policy.