Citrix have just released v11.2 of their Citrix SD-WAN firmware

The Citrix SD-WAN documentation states “Citrix SD-WAN provides an unparalleled experience for mission and business critical applications delivered from any location with comprehensive security that protects users, applications, and data across the branch, network and cloud”.  But, as with everything, there are always improvements to be made and faults to be corrected.

The list of new features in v11.2 is not long, below is an extract of those I think are of note. (You can read the full list in the release notes, links to that are at the bottom of this document.)

What’s new in v11.2 Release?

Edge Security

  • The Citrix SD-WAN Edge Security capability enables advanced security on Citrix SD-WAN branch appliances. It simplifies information security management by providing a single management and reporting pane for Network Edge Security. It eliminates the need for multiple branch solutions by consolidating routing, SD-WAN, and security capabilities on a single appliance. This reduces network complexity, operational cost, and provides a more secure network edge. The Edge Security stack includes the following security functionality:
  • Web filtering
  •  Anti-Malware
  • Intrusion Prevention
    • This is the big one for v11.2 which is the introduction of support for the new Advanced Edition (AE) of Citrix SD-WAN.
    • NOTE: this is only available via “Citrix Cloud Orchestrator” based deployments.  As far as I’m aware this is also restricted to the 1100 hardware appliance at present.

(page 6 on the latest data sheet –  https://www.citrix.com/en-gb/products/citrix-sd-wan/citrix-networking-data-sheet.html )

Check Point Firewall

  • The Check Point CloudGuard Edge is integrated with the SD-WAN 1100 platform to provide advanced security for branch appliances.
  • The Check Point CloudGuard Edge supplies next-generation firewall features such as URL Filtering, Anti-Virus, SSL Inspection, and Intrusion Prevention.
  • This integration offers the ability to deploy the secure SD-WAN at the branch locations using Citrix SD-WAN Centre while managing the security policies with the Check Point management platform.
    • A big announcement earlier this year (May 14th 2020 – https://www.citrix.com/blogs/2020/05/14/citrix-check-point-software-support-choice-in-protecting-the-wan-edge/ ) was the Citrix partnership with Check Point. Now, with the release of v11.2 firmware comes the support, a Check Point CloudGuard Edge virtual machine (VM) can be hosted on the Citrix SD-WAN 1100 branch appliance providing customers with granular control of their security and data.Not to forget, if you don’t have an 1100, any Citrix SD-WAN appliance can connect directly to the Check Point CloudGuard Connect, where they are able to leverage Check Point’s advanced threat prevention as a cloud-hosted service. (other cloud hosted services are also available)
    • Not to forget, if you don’t have an 1100, any Citrix SD-WAN appliance can connect directly to the Check Point CloudGuard Connect, where they are able to leverage Check Point’s advanced threat prevention as a cloud-hosted service. (other cloud hosted services are also available)

Support 256 virtual paths with SD-WAN SE in Azure

  • Earlier, 128 virtual paths were supported in Azure. From release 11.2 onwards, 256 virtual paths are supported with SD-WAN SE in Azure.
    • I think this needs a quick note. I am seeing a number of new deployments in which Citrix SD-WAN VPX’s are being deployed in Azure and by the nature of the networks they are supporting the logic is to make those VPX’s the MCN. This increase in supported virtual paths (and by definition sites) is a good extension to the MCN capabilities.

Enable packet duplication for ICA real-time

  • Packet duplication is now enabled by default for HDX real-time traffic when multi-stream Independent Computing Architecture (ICA) is in use.And finally, I think this is an interesting enhancement. If you have an environment that is ICA Multi Stream enabled, then the real-time packets will be sent over ALL available networks (much the same as VoIP) providing users with the best possible experience.
    • And finally, I think this is an interesting enhancement. If you have an environment that is ICA Multi Stream enabled, then the real-time packets will be sent over ALL available networks (much the same as VoIP) providing users with the best possible experience.
    • If you are not aware, in the case of packet duplication, the same packet is sent across all available links in the overlay and the receiving device will accept the first packet to arrive and drop all the duplicates. This ensures that user experience is supported by the best available link at all times.

That’s about it from me, remember for a complete list of features and fixes in v11.2 you can read the release notes, just follow this link: https://www.citrix.com/content/dam/citrix/en_us/documents/downloads/netscaler-sd-wan/Citrix-SD-WAN-11-2-0-Release-Notes.pdf

FIND OUT MORE

If you would like to talk to someone about these releases or to find out more about Citrix SD-WAN and how it can help to address user and enterprise requirements, please call 0330 010 3443 or email hello@clouddnagroup.com.