SD-WAN Internet Policies Configuration
Dashboard Location: Security and SD-WAN > Configure > SD-WAN & Traffic Shaping > Internet Policies
SD-WAN Traffic Policy Management
SD-WAN Internet Policies configuration in Meraki appliances provides administrators with comprehensive traffic steering and performance optimization capabilities, enabling intelligent uplink selection, application-aware routing, performance-based failover, and quality of service management. This functionality supports enterprise WAN optimization, business-critical application prioritization, bandwidth management, and network resilience through automated traffic engineering and dynamic path selection based on real-time network conditions.
Classes

appliance (meraki.domains.organizations.networks)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| sdwan_internet_policies | List | [sdwan_internet_policies] | No | |

sdwan_internet_policies (meraki.domains.organizations.networks.appliance)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | min: 1, max: 127 | Yes | |
| preferred_uplink | Choice | bestForVoIP, defaultUplink, loadBalancing, wan1, wan2 | Yes | |
| fail_over_criterion | Choice | poorPerformance, uplinkDown | No | |
| performance_class | Class | [performance_class] | No | |
| traffic_filters | List | [traffic_filters] | Yes | |

performance_class (meraki.domains.organizations.networks.appliance.sdwan_internet_policies)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | builtin, custom | No | |
| builtin_performance_class_name | Choice | VoIP | No | |
| custom_performance_class_name | String | | No | |

traffic_filters (meraki.domains.organizations.networks.appliance.sdwan_internet_policies)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | application, custom, majorApplication | Yes | |
| value | Class | [value] | Yes | |

value (meraki.domains.organizations.networks.appliance.sdwan_internet_policies.traffic_filters)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| protocol | Choice | any, icmp6, tcp, udp | No | |
| source | Class | [source] | Yes | |
| destination | Class | [destination] | Yes | |

source (meraki.domains.organizations.networks.appliance.sdwan_internet_policies.traffic_filters.value)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| port | Any | Integer[min: 0, max: 65535] or String[matches: `(?:[1-9][0-9]3 | [1-5][0-9]4 | 6[0-4][0-9]3 |
| cidr | String | Regex: ^(?i:any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$ | No | |
| vlan | Any | Integer[min: 1, max: 4094] or String[matches: `(?:[1-9] | [1-9][0-9] | [1-9][0-9]2 |
| host | Integer | min: 1, max: 254 | No | |

destination (meraki.domains.organizations.networks.appliance.sdwan_internet_policies.traffic_filters.value)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| port | Any | Integer[min: 0, max: 65535] or String[matches: `(?:[1-9][0-9]3 | [1-5][0-9]4 | 6[0-4][0-9]3 |
| cidr | String | Regex: ^(?i:any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$ | No | |
| applications | List | [applications] | No | |

applications (meraki.domains.organizations.networks.appliance.sdwan_internet_policies.traffic_filters.value.destination)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| id | String | min: 1, max: 127 | No | |
| name | String | min: 1, max: 127 | No | |
| type | String | min: 1, max: 127 | No | |

Examples

Example-1: The example below demonstrates SD-WAN internet policies configuration.
This configuration implements intelligent traffic routing and policy-based path selection for SD-WAN connectivity. The example includes application-aware routing, traffic steering rules, and internet breakout policies for optimized WAN performance.
This comprehensive SD-WAN configuration creates sophisticated traffic engineering policies using multiple rule types and performance criteria. The “name” parameter identifies each policy (policy 1, policy 2, policy 3), while “traffic_filters” employ three distinct approaches: “type: custom” for protocol-based filtering with specific port ranges (1-1024) and CIDR blocks, “type: majorApplication” for categorizing major application suites like Office 365 with detailed application metadata including “id”, “name”, and “type: major” classifications, and “type: application” for granular NBAR-based application identification targeting specific services like Rackspace Hosted Exchange and Hotmail with source network targeting (192.168.20.0/24).
Specifically, “policy 1” implements custom traffic classification by matching TCP protocol traffic originating from source ports 1-1024 (covering system and well-known service ports) with unrestricted source CIDR ranges, while allowing traffic to flow to any destination CIDR and port combination. This policy routes matching traffic through the preferred WAN1 uplink with automatic failover to secondary links when “poorPerformance” conditions are detected (such as elevated latency, jitter, or packet loss). The policy applies the builtin “VoIP” performance class, ensuring voice and real-time communication traffic receives priority treatment with optimized jitter buffers, latency guarantees, and packet loss protection.
Similarly, “policy 2” leverages majorApplication filtering to identify and prioritize Office 365 Suite traffic using UDP protocol with source port range 1-1024, applying custom “Radius” performance class for authentication traffic optimization.
Meanwhile, “policy 3” employs granular application-based filtering targeting specific email services (Rackspace Hosted Exchange and Hotmail) from the 192.168.20.0/24 subnet using NBAR (Network-Based Application Recognition) technology for precise application identification and traffic steering with builtin VoIP performance class treatment.
NBAR application IDs can be obtained from the `/networks/{networkId}/appliance/firewall/l7FirewallRules/applicationCategories` API endpoint.
```yaml
meraki:
  domains:
    - name: !env domain
      administrator:
        name: !env org_admin
      organizations:
        - name: !env org
          networks:
            - name: !env network_name
              product_types:
                - appliance
                - camera
                - switch
                - wireless
                - cellularGateway
              appliance:
                sdwan_internet_policies:
                  - name: policy 1
                    traffic_filters:
                      - type: custom
                        value:
                          protocol: "tcp"
                          source:
                            port: "1-1024"
                            cidr: "any"
                          destination:
                            port: "any"
                            cidr: "any"
                    preferred_uplink: "wan1"
                    fail_over_criterion: "poorPerformance"
                    performance_class:
                      type: builtin
                      builtin_performance_class_name: VoIP
                  - name: policy 2
                    traffic_filters:
                      - type: majorApplication
                        value:
                          protocol: "udp"
                          source:
                            port: "1-1024"
                            cidr: "any"
                          destination:
                            applications:
                              - id: "meraki:layer7/application/1"
                                name: "Office 365 Suite"
                                type: "major"
                    preferred_uplink: "wan1"
                    fail_over_criterion: "poorPerformance"
                    performance_class:
                      type: custom
                      custom_performance_class_name: Radius
                  - name: policy 3
                    traffic_filters:
                      - type: application
                        value:
                          protocol: "any"
                          source:
                            cidr: "192.168.20.0/24"
                          destination:
                            applications:
                              - id: "meraki:layer7/application/7"
                                name: "Rackspace Hosted Exchange"
                                type: "nbar"
                              - id: "meraki:layer7/application/39"
                                name: "Hotmail"
                                type: "nbar"
                    preferred_uplink: "wan1"
                    fail_over_criterion: "poorPerformance"
                    performance_class:
                      type: builtin
                      builtin_performance_class_name: VoIP
```
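The `cidr` regex in the tables above is purely syntactic: it accepts octets above 255 and prefix lengths above 32, so a mistyped traffic filter can pass schema validation. The following pre-deployment lint is an added example, not part of the original page or the project's tooling; `lint_policy`, `check_cidr` and the sample policy are hypothetical names and constructed data, and only the choice sets and the regex are taken from the tables.

```python
import ipaddress
import re

# Constraints copied from the tables on this page.
CIDR_RE = re.compile(r"^(?i:any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)"
                     r"(,(any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$")
UPLINKS = {"bestForVoIP", "defaultUplink", "loadBalancing", "wan1", "wan2"}
FILTER_TYPES = {"application", "custom", "majorApplication"}

def check_cidr(value, where):
    """Apply the schema regex, then a semantic check the regex cannot express."""
    if not CIDR_RE.match(value):
        return [f"{where}: {value!r} does not match the schema regex"]
    findings = []
    for part in value.split(","):
        try:
            if part.lower() != "any":
                ipaddress.ip_network(part, strict=False)
        except ValueError:
            findings.append(f"{where}: {part!r} matches the regex but is not a valid IPv4 network")
    return findings

def lint_policy(policy):
    """Return findings for one sdwan_internet_policies entry (hypothetical helper)."""
    name = policy.get("name") or "<unnamed>"
    findings = []
    if policy.get("preferred_uplink") not in UPLINKS:
        findings.append(f"{name}: preferred_uplink missing or not an allowed choice")
    filters = policy.get("traffic_filters") or []
    if not filters:
        findings.append(f"{name}: traffic_filters is mandatory")
    for i, flt in enumerate(filters):
        where = f"{name}.traffic_filters[{i}]"
        value = flt.get("value") or {}
        if flt.get("type") not in FILTER_TYPES:
            findings.append(f"{where}: type missing or not an allowed choice")
        for side in ("source", "destination"):
            if side not in value:
                findings.append(f"{where}: {side} is mandatory")
            elif "cidr" in value[side]:
                findings += check_cidr(value[side]["cidr"], f"{where}.{side}.cidr")
    return findings

# Constructed sample, modelled on "policy 3" but with a malformed source CIDR list.
SAMPLE = {"name": "policy 3", "preferred_uplink": "wan1", "traffic_filters": [
    {"type": "application", "value": {
        "protocol": "any", "source": {"cidr": "192.168.20.0/24,10.300.0.0/40"},
        "destination": {"applications": [{"id": "meraki:layer7/application/39"}]}}}]}
print("\n".join(lint_policy(SAMPLE)))
```

Running a check like this in CI before the configuration is pushed catches filters that would otherwise fail at the API or steer the wrong traffic.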