The purpose of this article is to provide guidance of what software, hardware, license and management
tool is supported per release.
Citrix SD-WAN Software Feature Cheat Sheet (also attached for reference)
R11.2.1 – Sept 3, 2020 • 6100-PE
• UI refresh (210 only) • 210-AE and 210-LTE-AE tech preview • LAG (active-backup) for 2100 • Security stack realtime reporting in Orchestrator • First packet detection for Citrix Cloud and Citrix Gateway Service (control and data) • On-prem Orchestrator • RADIUS and TACACS+ Server timeout value increased from 10 sec to 60 secs R11.2.0 – June 11, 2020 • Azure VPXL (size F16) Virtual Path increase 128 -> 256 • Azure VPXL (size F8, F16) throughput increase 2Gbps - > 3Gbps simplex • 110 and 210 LTE network type options (3G, 4G, Both) • 110 and 210 LTE roaming options • Advanced Edition w/ Edge Security (1100 platform only) o Intrusion Prevention o Web Filtering o Malware protection • Checkpoint CloudGuard Edge VNF on 1100 only • DHCP Client on FTW/Bridge interfaces • /31 subnet support • Dynamic DNS service • Cloud Direct Service support extended to 2100,4100, & 6100 platforms • TLSv1.3 protocol support for HTTPS access R11.1.1 – May 18, 2020 • Dynamic DNS service • Configurable MGMT/Data port (110 and 210 only) • USB LTE modem support (110 and 210 only) o USA: Verizon (Global Modem USB730L) 4G only o USA: AT&T (Global Modem USB800) 4G only o Non-USA: Huawei (E3372h-510) 4G only • UI refresh (110 only) • ZTD/Day-0 provisioning via WAN interfaces (110 only) • New Minimal GUI (110 only) • Dynamic DNS support R11.1.0 – March 27, 2020 • Appliance default password -> serial # • VPX ESXi 6.5 support • 210-300-SE license • 210 LTE Firmware upgrades • 210 MCN capability • 110-SE & 110-LTE-SE o no fail-to-wire pair o no SFP • 1000 Virtual Path (6100 only, and Orchestrator only) • Cloud Direct Service available with Orchestrator (410, 210,and 1100 only) • Citrix Managed Desktop (CMD) • IPv6 WAN-side only • VDSL SFP (210 and 1100 only) • Open stack using CloudInit • Factory state in-band mgmt. • Azure Virtual WAN multiple links • Azure Virtual WAN inter-region hub-to-hub networking • O365 beacon service • Dual WAN links for IPsec • IPsec tunnels using Dynamic Public IPs • ICA session reconnect fix • IPFIX (AppFlow) SolarWinds, Splunk, etc. • Routing Domain enhancements o INTER Routing Domain service o Intermediate RD without VNI/VIP • Asymmetric PKI-based authentication for Virtual Path • Near Hitless Upgrade for HA deployments (Orchestrator only) R11.0.3 – Dec 19,2019 • VPX default password -> serial # • LTE active firmware updated (*.zip) R11.0.2 – Sep 18, 2019 • Palo Alto VNF (VM-50, 100) on 1100 only • HDX Auto-QoS fix for EDT • App classification based on domain (custom domains/URLs) • Network Admin user-account privilege level introduced. Network administrator has read-write access to the network settings only. • Certificate based authentication over Virtual Path to authenticate appliances before establishing the virtual paths between sites. R11.0.1 – Sep 4, 2019 Only Bug fixes made this release and no feature enhancements R11.0.0 – Jul 26, 2019 • 6K nodes in multi-region • GCP support for VPX/VPXL • SFP Y-Cable HA (210 and 1100 only) • HDX reporting on user-level for SDWC • O365 PAC file automation • Palo Alto Prisma API auto-configuration • Inband Management: Allows you to use the SD-WAN data ports for management, which carries both data and management traffic, without having to configure an addition management path. • Static LAG (Ling Aggregation Groups): Allows you to group two or more ports on your SD-WAN appliance to work together as a single port for increased availability, link redundancy, and enhanced performance. • Standby Metered Link Enhancements - Disable if Data Cap reached option is introduced • Cloud Direct Service available with SD-WAN Center (410, 210,and 1100 only) • Routing Enhancements o OSPF TAGGING Support o Protocol Preference (Prefer BGP over OSPF or vice-versa) o Routing Statistics enhancements o New AS PATH Length import filter (for route manipulation) • Security Admin role in SD-WAN Center - (Sec Admin Has the read-write access only for the Firewall and security-related settings in the Config Editor, while having read-only access to the other sections) • Packet Capture on Multiple Interfaces from appliances and Center • 210 SE LTE Auth enhancement - A new Authentication input field is introduced in the APN settings form. There are 4 possible values for this new field - None, PAP, CHAP, PAPCHAP. • Change Management optimization • RBAC management in SDWC R10.2.7 – July 7, 2020 • On-prem Orchestrator identify option in the device GUI • Enforced password change when accessed through REST API • DHCP Client support for MCN WAN interface R10.2.6 – Dec 27, 2019 • Default password -> serial # • LTE stability with new firmware • IPFIX (AppFlow) SolarWinds, Splunk, etc. • Security Fix R10.2.5 – Oct 4, 2019 • Intranet/Internet service Bandwidth share issue fix: 'ii' service is not getting its bandwidth share in WAN > LAN direction when Static VP, DVP, Intranet/Internet service is enabled on the same WAN link. R10.2.4 – Sep 3, 2019 • HDX Auto-QoS fix for EDT • LTE Modem Fix: LTE modem can go missing upon rebooting the SD-WAN 210 appliances. This is an intermittent issue where a power cycle must bring the modem back up online. R10.2.3 – Jun 11, 2019 • 6100-SE • RED enabled by default for HDX fair share • 100 Mbps SFP and E1T1 SFP on 1100 only • Support IP directed broadcast capability on SD-WAN appliances. The IP directed broadcast feature goal is to reach the target subnet with the broadcast packets without broadcasting to the entire network. R10.2.2 – Mar 29, 2018 • MCN appliance cert for SDWC relationship • 1100 SFP Y-Cable HA • DNS Forwarder for direct egress to SaaS • Zscaler API auto-configuration • PPPoE for edge router replacement • Allow default route to be filtered in a BGP NEIGHBOR POLICY using 0.0.0.0/32 or any prefix, such as 16 or 8 which is NON-ZERO R10.2.1 – Feb 28, 2018 • 5100-PE R10.2.0 – Dec 28, 2018 • 4100 Virtual Path increase 256 -> 550 • 2100 Virtual Path increase 128 -> 256 • 210 Virtual Path increase 8 -> 16 • 210-200-SE, 210-200-LTE-SE licenses added • O365 breakout • Application QoE - Measure quality of applications that flow through the virtual paths between two SD- WAN appliances • IPFix version 10 support • SDWAN Appliance Site Diagnostics feature with Ping, Traceroute and Bandwidth test all inclusive in a single pane • SDWAN Center Diagnostics for Ping, Traceroute and PCAP • DHCP Subnet change on WAN Link Alerts and Notification • DNS Forwarder Support • PPPoE • Bandwidth Auto-Provisioning for disparate bandwidths across branches • SDWAN Center support for ZScaler service • SDWAN Center support for Palo Alto GPCS • SDWAN Center install on HyperV environment - Microsoft Hyper-V 2012 R2 • Virtual Path Scale - 2100 (from 128 to 256), 4100 (from 256 to 553), 210 (from 8 to 16), 410 (from 16 to 24) R10.1.2 – Nov 8, 2019 • 1100-SE, 1100-PE R10.1.1 – Nov 8, 2019 • Azure Virtual WAN R10.1.0 – July 2018 • 210-LTE-SE • 210-100-SE, 210-100-LTE-SE licenses added • 410-300-SE license added • HDX/ICA MSI Auto-QoS (CVAD 7.17+, Windows 4.11) R10.0.8 – July 9, 2019 • Security fix R10.0.7 – Mar 27, 2019 • MCN appliance cert for SDWC relationship R10.0.6 – Feb 2, 2019 R10.0.5 – Nov 6, 2018 R10.0.2 – Jun 20, 2018 R10.0.1 – Apr 9, 2018 • 2100-2000-SE license R10.0 – Feb 28, 2018 • 2.5K nodes multi-region introduced • MCN/RCN support only VPX/VPXL/2000/2100/4000/4100/5100 • 5100-3000-SE and 4100-1000-SE licenses removed • 5100-5000-SE and 4100-3000-SE licenses added • 2100-EE(PE) • 210-SE (no MCN / RCN support) o single fail-to-wire pair • 410-20-SE, 410-150-SE licenses removed • 410-200-SE license added • VPX/VPXL 1G throughput in AWS and Hyper-V • VPX/VPXL 10G VIF for ESXi • VPX/VPXL 8 Ports