The purpose of this article is to provide guidance of what software, hardware, license and management
tool is supported per release.
Citrix SD-WAN Software Feature Cheat Sheet (also attached for reference)
R11.2.1 – Sept 3, 2020
R11.2.0 – June 11, 2020
R11.1.1 – May 18, 2020
R11.1.0 – March 27, 2020
• 6100-PE
• UI refresh (210 only)
• 210-AE and 210-LTE-AE tech preview
• LAG (active-backup) for 2100
• Security stack realtime reporting in Orchestrator
• First packet detection for Citrix Cloud and Citrix
Gateway Service (control and data)
• On-prem Orchestrator
• RADIUS and TACACS+ Server timeout value increased
from 10 sec to 60 secs
• Azure VPXL (size F16) Virtual Path increase 128 -> 256
• Azure VPXL (size F8, F16) throughput increase 2Gbps -
> 3Gbps simplex
• 110 and 210 LTE network type options (3G, 4G, Both)
• 110 and 210 LTE roaming options
• Advanced Edition w/ Edge Security (1100 platform
only)
o Intrusion Prevention
o Web Filtering
o Malware protection
• Checkpoint CloudGuard Edge VNF on 1100 only
• DHCP Client on FTW/Bridge interfaces
• /31 subnet support
• Dynamic DNS service
• Cloud Direct Service support extended to 2100,4100,
& 6100 platforms
• TLSv1.3 protocol support for HTTPS access
• Dynamic DNS service
• Configurable MGMT/Data port (110 and 210 only)
• USB LTE modem support (110 and 210 only)
o USA: Verizon (Global Modem USB730L) 4G only
o USA: AT&T (Global Modem USB800) 4G only
o Non-USA: Huawei (E3372h-510) 4G only
• UI refresh (110 only)
• ZTD/Day-0 provisioning via WAN interfaces (110 only)
• New Minimal GUI (110 only)
• Dynamic DNS support
• Appliance default password -> serial #
• VPX ESXi 6.5 support
• 210-300-SE license
• 210 LTE Firmware upgrades
• 210 MCN capability
 • 110-SE & 110-LTE-SE
o no fail-to-wire pair
o no SFP
• 1000 Virtual Path (6100 only, and Orchestrator only)
• Cloud Direct Service available with Orchestrator (410,
210,and 1100 only)
• Citrix Managed Desktop (CMD)
• IPv6 WAN-side only
• VDSL SFP (210 and 1100 only)
• Open stack using CloudInit
• Factory state in-band mgmt.
• Azure Virtual WAN multiple links
• Azure Virtual WAN inter-region hub-to-hub
networking
• O365 beacon service
• Dual WAN links for IPsec
• IPsec tunnels using Dynamic Public IPs
• ICA session reconnect fix
• IPFIX (AppFlow) SolarWinds, Splunk, etc.
• Routing Domain enhancements
o INTER Routing Domain service
o Intermediate RD without VNI/VIP
• Asymmetric PKI-based authentication for Virtual Path
• Near Hitless Upgrade for HA deployments
(Orchestrator only)
R11.0.3 – Dec 19,2019 • VPX default password -> serial #
• LTE active firmware updated (*.zip)
R11.0.2 – Sep 18, 2019 • Palo Alto VNF (VM-50, 100) on 1100 only
• HDX Auto-QoS fix for EDT
• App classification based on domain (custom
domains/URLs)
• Network Admin user-account privilege level
introduced. Network administrator has read-write
access to the network settings only.
• Certificate based authentication over Virtual Path to
authenticate appliances before establishing the
virtual paths between sites.
R11.0.1 – Sep 4, 2019 Only Bug fixes made this release and no feature
enhancements
R11.0.0 – Jul 26, 2019 • 6K nodes in multi-region
• GCP support for VPX/VPXL
• SFP Y-Cable HA (210 and 1100 only)
• HDX reporting on user-level for SDWC
• O365 PAC file automation
• Palo Alto Prisma API auto-configuration
• Inband Management: Allows you to use the SD-WAN
data ports for management, which carries both data
 and management traffic, without having to configure
an addition management path.
• Static LAG (Ling Aggregation Groups): Allows you to
group two or more ports on your SD-WAN appliance
to work together as a single port for increased
availability, link redundancy, and enhanced
performance.
• Standby Metered Link Enhancements - Disable if Data
Cap reached option is introduced
• Cloud Direct Service available with SD-WAN Center
(410, 210,and 1100 only)
• Routing Enhancements
o OSPF TAGGING Support
o Protocol Preference (Prefer BGP over OSPF or
vice-versa)
o Routing Statistics enhancements
o New AS PATH Length import filter (for route
manipulation)
• Security Admin role in SD-WAN Center - (Sec Admin
Has the read-write access only for the Firewall and
security-related settings in the Config Editor, while
having read-only access to the other sections)
• Packet Capture on Multiple Interfaces from
appliances and Center
• 210 SE LTE Auth enhancement - A new
Authentication input field is introduced in the APN
settings form. There are 4 possible values for this
new field - None, PAP, CHAP, PAPCHAP.
• Change Management optimization
• RBAC management in SDWC
R10.2.7 – July 7, 2020 • On-prem Orchestrator identify option in the device
GUI
• Enforced password change when accessed through
REST API
• DHCP Client support for MCN WAN interface
R10.2.6 – Dec 27, 2019 • Default password -> serial #
• LTE stability with new firmware
• IPFIX (AppFlow) SolarWinds, Splunk, etc.
• Security Fix
R10.2.5 – Oct 4, 2019 • Intranet/Internet service Bandwidth share issue fix:
'ii' service is not getting its bandwidth share in WAN >
LAN direction when Static VP, DVP, Intranet/Internet
service is enabled on the same WAN link.
R10.2.4 – Sep 3, 2019 • HDX Auto-QoS fix for EDT
• LTE Modem Fix: LTE modem can go missing upon
rebooting the SD-WAN 210 appliances. This is an
intermittent issue where a power cycle must bring
the modem back up online.
R10.2.3 – Jun 11, 2019 • 6100-SE
• RED enabled by default for HDX fair share
• 100 Mbps SFP and E1T1 SFP on 1100 only
• Support IP directed broadcast capability on SD-WAN
appliances. The IP directed broadcast feature goal is
to reach the target subnet with the broadcast packets
without broadcasting to the entire network.
R10.2.2 – Mar 29, 2018 • MCN appliance cert for SDWC relationship
• 1100 SFP Y-Cable HA
• DNS Forwarder for direct egress to SaaS
• Zscaler API auto-configuration
• PPPoE for edge router replacement
• Allow default route to be filtered in a BGP NEIGHBOR
POLICY using 0.0.0.0/32 or any prefix, such as 16 or 8
which is NON-ZERO
R10.2.1 – Feb 28, 2018 • 5100-PE
R10.2.0 – Dec 28, 2018 • 4100 Virtual Path increase 256 -> 550
• 2100 Virtual Path increase 128 -> 256
• 210 Virtual Path increase 8 -> 16
• 210-200-SE, 210-200-LTE-SE licenses added
• O365 breakout
• Application QoE - Measure quality of applications
that flow through the virtual paths between two SD-
WAN appliances
• IPFix version 10 support
• SDWAN Appliance Site Diagnostics feature with Ping,
Traceroute and Bandwidth test all inclusive in a single
pane
• SDWAN Center Diagnostics for Ping, Traceroute and
PCAP
• DHCP Subnet change on WAN Link Alerts and
Notification
• DNS Forwarder Support
• PPPoE
• Bandwidth Auto-Provisioning for disparate
bandwidths across branches
• SDWAN Center support for ZScaler service
• SDWAN Center support for Palo Alto GPCS
• SDWAN Center install on HyperV environment -
Microsoft Hyper-V 2012 R2
• Virtual Path Scale - 2100 (from 128 to 256), 4100
(from 256 to 553), 210 (from 8 to 16), 410 (from 16 to
24)
R10.1.2 – Nov 8, 2019 • 1100-SE, 1100-PE
R10.1.1 – Nov 8, 2019 • Azure Virtual WAN
R10.1.0 – July 2018 • 210-LTE-SE
• 210-100-SE, 210-100-LTE-SE licenses added
 • 410-300-SE license added
• HDX/ICA MSI Auto-QoS (CVAD 7.17+, Windows 4.11)
R10.0.8 – July 9, 2019 • Security fix
R10.0.7 – Mar 27, 2019 • MCN appliance cert for SDWC relationship
R10.0.6 – Feb 2, 2019
R10.0.5 – Nov 6, 2018
R10.0.2 – Jun 20, 2018
R10.0.1 – Apr 9, 2018 • 2100-2000-SE license
R10.0 – Feb 28, 2018 • 2.5K nodes multi-region introduced
• MCN/RCN support only
VPX/VPXL/2000/2100/4000/4100/5100
• 5100-3000-SE and 4100-1000-SE licenses removed
• 5100-5000-SE and 4100-3000-SE licenses added
• 2100-EE(PE)
• 210-SE (no MCN / RCN support)
o single fail-to-wire pair
• 410-20-SE, 410-150-SE licenses removed
• 410-200-SE license added
• VPX/VPXL 1G throughput in AWS and Hyper-V
• VPX/VPXL 10G VIF for ESXi
• VPX/VPXL 8 Ports

Additional Resources
 CTX269131