Citrix SD-WAN Software Feature Cheat Sheet

Citrix SD-WAN Software Feature Cheat Sheet

book

Article ID: CTX269131

calendar_today

Updated On:

Description

The purpose of this article is to provide guidance of what software, hardware, license and management tool is supported per release. 

Citrix SD-WAN Software Feature Cheat Sheet (also attached for reference)
 

R11.4.2 –  Nov 2,2021• You can now configure the LTE interface-based WAN link as a Private Intranet WAN link. This enhancement provides you the flexibility of configuring the LTE interface as a Public Internet WAN link or a Private Intranet WAN link.
• The New UI for SD-WAN dashboard displays the following Orchestrator connectivity status:
    ○ Online State
    ○ Service State
    ○ DNS State
    ○ Local Gateway State
    ○ Failed Reason
    ○ Connected Through
• The Domain name-based applications now support configurable ports and protocol in Citrix SD-WAN Orchestrator service. When you select the Configure Port check box, you can edit, add, or delete any port or the port range as required. Also, you can change/select the protocol as TCP, UDP, or Any. Previously (and with configure port check box disabled), only ports 80 and 443, and protocol Any were supported for domains grouped under an application.
R11.4.0 – Apr 29,2021• SD-WAN Center and SD-WAN Config Editor deprecation announcement for 12.x
• New UI enabled by default on all platforms in Client Mode  
• API for static IP address on WAN ports in fallback configuration 
• SNMP MIBs added  
    ○ CPU utilization 
    ○ RAM utilization
    ○ WAN link physical and allow rates
• New UI enhancements
    ○ DNS Proxy Statistics monitoring 
    ○ SLAAC WAN links monitoring
• Inband Management support for HA deployments
• Advanced Edition patch/delta upgrade support of Edge Security subsystems  
• SDWAN Center dashboard defaults with multi-region visible 
• IPv6 support enhancements on SD-WAN devices  
    ○ IPFIX using templates 615 and 616
    ○ DNS proxy and DNS Transparent Forwarder (StaticV6 and
       DynamicV6)
• Equal Cost Multi-Path (ECMP) load balancing (static routes on IPsec/GRE tunnels, supported for Virtual Path and Intranet Services)
• Citrix Hypervisor 8.2 LTSR supported from 11.4.0 onwards
• Microsoft 365 optimization enhancements  
    ○ Granular classification (Teams Realtime, Exchange Online, Sharepoint
       Optimize, Teams TCP Fallback, Exchange Mail, Sharepoint Allow,        
       Office 365 Common) 
    ○ Intelligent ISP path selection
• Google Cloud Plataform (GCP) enhancements  
    ○ High Availability
    ○ 2Gpbs simplex throughput support
• 802.1X authentication using RADIUS server for LAN interfaces (PNAC) 
• 210 hard reset (reboot power) capability via CLI for devices with new motherboard 
R11.3.1 – Mar 1,2021• Check Point VM version 80.20 and above supported as VNF
• Router ID support per routing domain 
• 8 byte PPPoE header consider in MSS adjustments 
• Interface enable/disable configuration option 
• Inband Management support for HA deployments
• Fallback Configuration enhancement
    ○ Static IP configuration on WAN port for ZTD
• New UI enhancement 
    ○ Management IP Allow List configuration 
    ○ Metered link statistics
    ○ Orchestrator Cloud Connectivity status
    ○ Header updated to include model, bandwidth, and license type
• SNMP MIBs added
    ○ Appliance Statistics 
    ○ WAN Link Statistics
• IPv6 support enhancements on SD-WAN devices
    ○ Management Interface
    ○ RADIUS server
    ○ TACACS+ server
    ○ SMTP server
    ○ Syslog server
    ○ HTTP server
    ○ AppFlow/IPFIX
    ○ SNMP
    ○ Remote Licensing
    ○ Centralized Licensing
    ○ NTP server
    ○ Whitelist
    ○ New User Interface for SD-WAN appliance
    ○ Diagnostics
 
R11.3.0 – Dec 16,2020
• Change Management only supports *.zip SSUP (no longer support single *.tar.gz binary)
• 110-200-SE licenses added
• 410-AE – Advanced Security add-on licensing (Orchestrator only)
• UI refresh (VPX and 410 only)
• Premium Edition API support in Orchestrator 
• Advanced Edition enhancements 
    ○ SSL Inspection 
    ○ Intrusion Prevention – IPS profiles can be applied uniquely at the site-level
    ○ Web Filtering – HTTPS Options, Safe browsing options
    ○ Anti-Malware – Scan by file types, scan by MIME types, utilize external server URL for block page
• 802.1x WiFi Access Point capability (110 only)
• M5/C5 instance support on AWS (Nitro System Hypervisor)
• USB LTE modem support extended (1100, 2100)
• IPv6 support extended to LAN, MGMT, LTE modem, USB LTE, and other WAN services (Internet, Intranet)
• IPv6 support enhanced to support Parallel and Serial (FTW) HA deployments
• IPv6 support enhancements
    ○ IPv6-based static routes via ANY delivery service 
    ○ NDP RA (Routing Advertisement) support
    ○ Prefix Delegation on WAN and LAN interfaces
    ○ IPv6 DHCP Client/Server/Relay for LAN
    ○ IPv6 IPSec tunnel for Intranet and LAN types
    ○ IPv6 GRE tunnel for Intranet and LAN types
    ○ IPv6 IP and Applicable firewall rules
• LAG extended with LACP Mode 4 [802.3ad] providing fault tolerance and load balancing (active-active)
• DPI iXEngine 5.5 upgrade 
• RBAC enhancements for Network and Security Admin (Orchestrator only)
 
R11.2.3 – Jan 22,2021 
R11.2.2 – Oct 19,2020
• Advance Edition support extended to 210 platform
• USB LTE modem support for MBIM and NCM mode (110 and 210 only)
• Common Even Format (CEF) support for Edge Security logs
 
R11.2.1 – Sept 3,2020
• 6100-PE
• UI refresh (210 only)
• 210-AE and 210-LTE-AE tech preview (Orchestrator Only)
• LAG (active-backup) for 2100
• Security stack realtime reporting in Orchestrator
• First packet detection for Citrix Cloud and Citrix Gateway Service (control and data)
• On-prem Orchestrator
• RADIUS and TACACS+ Server timeout value increased from 10 sec to 60 sec
 
R11.2.0 – June 11,2020
• HDX QoE reporting in Orchestrator
• Azure VPXL (size F16) Virtual Path increase 128 -> 256
• Azure VPXL (size F8, F16) throughput increase 2Gbps -> 3Gbps simplex
• 110 and 210 LTE network type options (3G, 4G, Both) 
• 110 and 210 LTE roaming options 
• Advanced Edition w/Edge Security (1100 platform only) (Orchestrator Only)
    ○ Intrusion Prevention 
    ○ Web Filtering
    ○ Malware protection
• Check Point CloudGuard Edge VNF on 1100 only 
• DHCP Client on FTW/Bridge interfaces 
• /31 subnet support 
• Dynamic DNS service 
• Cloud Direct Service support extended to 2100, 4100 & 6100 platforms
• TLSv1.3 protocol support for HTTPS access
 

R11.1.1 – May 18,2020

• Dynamic DNS service
• Dynamic DNS service
• Configurable MGMT/Data port (110 and 210 only)
• USB LTE modem support (110 and 210 only)
    ○ USA: Verizon (Global Modem USB730L) 4G only
    ○ USA: AT&T (Global Modem USB800) 4G only
    ○ Non-USA: Huawei (E3372h-510) 4G only
 • UI refresh (110 only)
• ZTD/Day-0 provisioning via WAN interfaces (110 only)
• New minimal GUI (110 only)
• Dynamic DNS support

R11.1.0 – March 27,2020

• Appliance default password -> serial #
• VPX ESXi 6.5 support
• 210-300-SE license
• 210 LTE Firmware upgrade
• 210 MCN capability
• 110-SE & 110-LTE-SE
    ○ no fail-to-wire pair
    ○ no SFP
• 1000 Virtual Path (6100 only, and Orchestrator only)
• Cloud Direct Service available with Orchestrator (410, 210 and 1100 only) 
• Citrix Managed Desktop (CMD)
• IPv6 WAN-side only (Virtual Path Only)
• VDSL SFP (210 and 1100 only)
• Open stack using CloudInit
• Factory state in-band mgmt.
• Azure Virtual WAN multiple links
• Azure Virtual WAN inter-region hub-to-hub networking
• O365 beacon service
• Dual WAN links for IPsec
• IPsec tunnels using Dynamic Public IPs
• ICA session reconnect fix
• IPFIX (AppFlow) SolarWinds, Splunk, etc.
• Routing Domain enhancements
    ○ INTER Routing Domain service
    ○ Intermediate RD without VNI/VIP
• Asymmetric PKI-based authentication for Virtual Path
• Near Hitless Upgrade for HA deployments (Orchestrator only)

R11.0.3 – Dec 19,2019

• VPX default password -> serial #
• LTE active firmware updated (*.zip)

R11.0.2 – Sep 18, 2019

• Palo Alto VNF (VM-50, 100) on 1100 only
• HDX Auto-QoS fix for EDT
• App classification based on domain (custom domains/URLs)
• Network Admin user-account privilege level introduced. Network administrator has read-write access to the network settings only.
• Certificate based authentication over Virtual Path to authenticate appliances before establishing the virtual paths between sites.

R11.0.1 – Sep 4, 2019

Only Bug fixes made this release and no feature enhancements

R11.0.0 – Jul 26, 2019

• 6K nodes in multi-region
• GCP support for VPX/VPXL (max 400 Mbps simplex)
•SFP Y-Cable HA (210 and 1100 only)
• HDX reporting on user-level for SDWC
• O365 PAC file automation
• Palo Alto Prisma API auto-configuration
• Inband Management: Allows you to use the SD-WAN data ports for management, which carries both data and management traffic, without having to configure an addition management path.
• Static LAG (Link Aggregation Groups) - LACP Mode 1 [active-backup] providing fault tolerance
• Standby Metered Link Enhancements - Disable if Data
Cap reached option is introduced
• Cloud Direct Service available with SD-WAN Center (410, 210 and 1100 only)
• Routing Enhancements
    ○ OSPF TAGGING Support
    ○ Protocol Preference (Prefer BGP over OSPF or
vice-versa)
    ○ Routing Statistics enhancements
    ○ New AS PATH Length import filter (for route
manipulation)
• Security Admin role in SD-WAN Center - (Sec Admin
Has the read-write access only for the Firewall and
security-related settings in the Config Editor, while
having read-only access to the other sections)
• Packet Capture on Multiple Interfaces from
appliances and Center
• 210 SE LTE Auth enhancement - A new
Authentication input field is introduced in the APN
settings form. There are 4 possible values for this
new field - None, PAP, CHAP, PAPCHAP.
• Change Management optimization
• RBAC management in SDWC

R10.2.9 – Apr 15, 2021 
R10.2.8 – Oct 8, 2020 
R10.2.7 – July 7, 2020
• On-prem Orchestrator identify option in the device GUI
• Enforced password change when accessed through REST API
• DHCP Client Support for MCN WAN interface
 

R10.2.6 – Dec 27, 2019

• Default password -> serial #
• LTE stability with new firmware
• IPFIX (AppFlow) SolarWinds, Splunk, etc.
• Security Fix

R10.2.5 – Oct 4, 2019

• Intranet/Internet service Bandwidth share issue fix:
'ii' service is not getting its bandwidth share in WAN >
LAN direction when Static VP, DVP, Intranet/Internet
service is enabled on the same WAN link.

R10.2.4 – Sep 3, 2019

• HDX Auto-QoS fix for EDT
• LTE Modem Fix: LTE modem can go missing upon
rebooting the SD-WAN 210 appliances. This is an
intermittent issue where a power cycle must bring
the modem back up online.

R10.2.3 – Jun 11, 2019

• 6100-SE
• RED enabled by default for HDX fair share
• 100 Mbps SFP and E1T1 SFP on 1100 only
• Support IP directed broadcast capability on SD-WAN
appliances. The IP directed broadcast feature goal is
to reach the target subnet with the broadcast packets
without broadcasting to the entire network.

R10.2.2 – Mar 29, 2018

• MCN appliance cert for SDWC relationship
• 1100 SFP Y-Cable HA
• DNS Forwarder for direct egress to SaaS
• Zscaler API auto-configuration
• PPPoE for edge router replacement
• Allow default route to be filtered in a BGP NEIGHBOR
POLICY using 0.0.0.0/32 or any prefix, such as 16 or 8
which is NON-ZERO

R10.2.1 – Feb 28, 2018

• 5100-PE

R10.2.0 – Dec 28, 2018

• 4100 Virtual Path increase 256 -> 550
• 2100 Virtual Path increase 128 -> 256
• 210 Virtual Path increase 8 -> 16
• 210-200-SE, 210-200-LTE-SE licenses added
• O365 breakout
• Application QoE - Measure quality of applications
that flow through the virtual paths between two SDWAN
appliances
• IPFix version 10 support
• SDWAN Appliance Site Diagnostics feature with Ping,
Traceroute and Bandwidth test all inclusive in a single
pane
• SDWAN Center Diagnostics for Ping, Traceroute and
PCAP
• DHCP Subnet change on WAN Link Alerts and
Notification
• DNS Forwarder Support
• PPPoE
• Bandwidth Auto-Provisioning for disparate
bandwidths across branches
• SDWAN Center support for ZScaler service
• SDWAN Center support for Palo Alto GPCS
• SDWAN Center install on HyperV environment -
Microsoft Hyper-V 2012 R2
• Virtual Path Scale - 2100 (from 128 to 256), 4100
(from 256 to 553), 210 (from 8 to 16), 410 (from 16 to
24)

R10.1.2 – Nov 8, 2019

• 1100-SE, 1100-PE

R10.1.1 – Nov 8, 2019

• Azure Virtual WAN

R10.1.0 – July 2018

• 210-LTE-SE
• 210-100-SE, 210-100-LTE-SE licenses added
• 410-300-SE license added
• HDX/ICA MSI Auto-QoS (CVAD 7.17+, Windows 4.11)

R10.0.8 – July 9, 2019

• Security fix

R10.0.7 – Mar 27, 2019

• MCN appliance cert for SDWC relationship

R10.0.6 – Feb 2, 2019

R10.0.5 – Nov 6, 2018

R10.0.2 – Jun 20, 2018

R10.0.1 – Apr 9, 2018

• 2100-2000-SE license

R10.0 – Feb 28, 2018

• 2.5K nodes multi-region introduced
• MCN/RCN support only
VPX/VPXL/2000/2100/4000/4100/5100
• 5100-3000-SE and 4100-1000-SE licenses removed
• 5100-5000-SE and 4100-3000-SE licenses added
• 2100-EE(PE)
• 210-SE (no MCN / RCN support)
    ○ single fail-to-wire pair
• 410-20-SE, 410-150-SE licenses removed
• 410-200-SE license added
• VPX/VPXL 1G throughput in AWS and Hyper-V
• VPX/VPXL 10G VIF for ESXi
• VPX/VPXL 8 Ports

Powered by Wolken Software