MEF 88 Application Security for SD-WAN Services

2021 Nov

Primary Resource for: SASE, SD-WAN

Product Portfolio: SASE, SD-WAN

Standard Type: Service Attributes


This Standard specifies the requirements needed to add Application Flow Security to SD-WAN Services.


As such, it is based on the SD-WAN Service Attributes and Service Framework, as specified in MEF 70.1 SD-WAN Service Attributes and Service Framework, where Application Flows are comprehensively defined. This Standard defines Security Policy as a set of parameters, the values of which are agreed between the Subscriber and Service Provider (as part of the SWVC List of Policies Service Attribute) and that specify which Security Functions are to be applied to an Application Flow. It also defines Security Functions that, when enabled, enforce Security Policies on a per-Application Flow basis by performing any of the following actions: IP, Port and Protocol Filtering, DNS Protocol Filtering, Domain Name Filtering, URL Filtering, Malware Detection and Removal, or decryption and re-encryption by a Middle-Box Function of a TLS-encrypted Application Flow. The capabilities required to support these Security Functions are also defined: Block List, Allow List, Quarantine List and Security Event Notification (SEN).

Standards published by MEF are intended for general distribution to the public and may be downloaded from this site and reproduced without charge. Any reproduction of MEF documents shall contain the following statement: “Reproduced with permission of MEF Forum.” All rights granted to MEF under applicable copyright laws are expressly reserved. No permission is granted to any recipient or user of MEF publications to modify any of the information contained therein and MEF disclaims all responsibility and liability for such modifications.

Be In the Industry—Join with industry peers to advance digital service & API standards.

Join MEF