About SD-WAN Groups

An SD‑WAN group is a logical set of interfaces that work together to optimize how traffic moves across the network. SD‑WAN monitors link conditions—such as latency, packet loss, and jitter—and uses these metrics to choose the best path for each flow. This helps improve application performance, increase reliability, and support dynamic, policy‑based routing across multiple network links.

SD‑WAN supports physical interfaces, Virtual WAN (VLAN) interfaces, and both numbered and unnumbered VPN tunnel interfaces. These interface types are available when you create an SD‑WAN group. SD‑WAN groups can be used for load balancing and for dynamic path selection based on the service‑level agreement (SLA) criteria that each interface path meets.

SD‑WAN groups are organized by the type of interfaces they include. There are two types of SD‑WAN groups.

• VPN SD‑WAN Groups: Use a this group when you need to route traffic through secure, encrypted VPN tunnels between remote sites.

  VPN SD‑WAN groups use VPN tunnel interfaces, such as:

  • Numbered VPN tunnel interfaces

  • Unnumbered VPN tunnel interfaces

• Non‑VPN SD‑WAN Groups: Use a this group for routing traffic over local or public network links that don’t require encryption.

  Non‑VPN SD‑WAN groups use non‑VPN zone interfaces, such as:

  • WAN interfaces

  • LAN interfaces

  • DMZ interfaces

  • WLAN interfaces

  • VLAN subinterfaces

SonicOS 8.2.1 and later versions support mixing multiple non‑VPN zone interfaces—including LAN, DMZ, WLAN, and WAN—within the same SD‑WAN group.

To maintain a clear separation between encrypted and non‑encrypted transport paths, SonicOS does not allow mixing VPN and non‑VPN interfaces within the same SD‑WAN group.

The SD‑WAN Groups page displays the custom pool of interfaces that are used to provide optimized and resilient traffic flow.

Name	Name of the SD-WAN group.
Zone	The zone of the interface member.
IP Address	IP address of physical, virtual (VLAN) interfaces or Numbered Tunnel Interfaces. Un-Numbered will be 0.0.0.0.
SD-WAN Gateway	The remote endpoint used to establish and manage SD‑WAN tunnel connections.
Link Status	Indicates whether the link is: Link Up (green) Link Down (red)
Priority	Priority of the interface in the group.
Cost	A priority value that determines which SD‑WAN interface is preferred; lower cost indicates higher priority.
Ingress Bandwidth	The maximum incoming bandwidth available on an interface for SD‑WAN traffic.
Egress Bandwidth	The maximum outgoing bandwidth available on an interface for SD‑WAN traffic.

To customize the SD‑WAN Groups page view, click Grid Settings at the top‑right of the page, and then select or clear the checkboxes based on your viewing preferences.

The SD-WAN Gateway, Cost, Ingress Bandwidth, and Egress Bandwidth fields are supported in SonicOS 8.2.1 and later versions.