Meraki

Community

SD-WAN & traffic shaping

Solved
JeffHung
New here
‎Sep 10 2023 9:01 PM
‎Sep 10 2023 9:01 PM

SD-WAN & traffic shaping

I have a Meraki 84 connects 2 WANS,  WAN2 is CHT 500M and WAN1 is FarEasten 500M  , Primary uplink we are using WAN2

 

I would like to add a rule for Salesforce.com going to WAN1, what can I do? Thanks

 

 

JeffHung_0-1694405542729.png

 

0 Kudos
1 Accepted Solution
Chema-Spain
Getting noticed
‎Sep 10 2023 11:34 PM
‎Sep 10 2023 11:34 PM

Hi, Salesforce is mainly a public SaaS service (unless you are talking about private connect Salesforce) hence its traffic is not taking the SDWAN overlay. The rule you're are showing applies to SDWAN VPN traffic so it has nothing to do with internet traffic.

 

Every MX sends non VPN traffic as Local Break Out over the underlay path when it has no vpn route to destination. It then takes the default route present in the underlay table. In your case you have two wan interfaces (I supposed both are internet access circuits). Provided your primary uplink is uplink2, then by default Salesforce would take wan2 uplink. In order  to force this traffic to take uplink1 underlay, you should configure the proper rules in the table you can see above the one you are showing, up in the same pane. Table: Flow preference/Internet traffic.

 

The problem here is you should configure one rule per each Salesforce prefix you could be using based in your geography. This table does not support domain names but only IP prefixes.

 

HTH.

Regards,

Chema.

View solution in original post

0 Kudos
4 Replies 4
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 10 2023 11:16 PM
‎Sep 10 2023 11:16 PM

The screenshot is for the SD-WAN traffic. Internet traffic is controlled at the top of the page under “flow preferences”. They work based on IP addresses and not FQDNs.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to KarstenI
ww
Kind of a big deal
Kind of a big deal
‎Sep 10 2023 11:43 PM
‎Sep 10 2023 11:43 PM

Or, if you would have the sdwan+ license.  You get a list off applications(including salesforce) you can steer to wan1 or wan2

In response to KarstenI
JeffHung
New here
‎Sep 10 2023 11:46 PM
‎Sep 10 2023 11:46 PM

Thank you.

0 Kudos
Chema-Spain
Getting noticed
‎Sep 10 2023 11:34 PM
‎Sep 10 2023 11:34 PM

Hi, Salesforce is mainly a public SaaS service (unless you are talking about private connect Salesforce) hence its traffic is not taking the SDWAN overlay. The rule you're are showing applies to SDWAN VPN traffic so it has nothing to do with internet traffic.

 

Every MX sends non VPN traffic as Local Break Out over the underlay path when it has no vpn route to destination. It then takes the default route present in the underlay table. In your case you have two wan interfaces (I supposed both are internet access circuits). Provided your primary uplink is uplink2, then by default Salesforce would take wan2 uplink. In order  to force this traffic to take uplink1 underlay, you should configure the proper rules in the table you can see above the one you are showing, up in the same pane. Table: Flow preference/Internet traffic.

 

The problem here is you should configure one rule per each Salesforce prefix you could be using based in your geography. This table does not support domain names but only IP prefixes.

 

HTH.

Regards,

Chema.

0 Kudos
li.common.scroll-to.top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.