Citrix SD-WAN v11.4 Release

On 28th April 2021 Citrix released v11.4 of their Citrix SD-WAN firmware, available initially via Citrix SD-WAN Orchestrator.

The Citrix SD-WAN documentation states “Citrix SD-WAN provides an unparalleled experience for mission and business-critical applications delivered from any location with comprehensive security that protects users, applications, and data across the branch, network, and cloud”.

But, as with everything, there are always improvements to be made and faults to be corrected.

The full list of new features in v11.4 is not long, there is a link at the end of this document to the release notes which lists all the new features.

Point of Note: As at the release date of this version of firmware the Citrix Download web page recommends the following when considering upgrades:

  • 11.2.3 is currently recommended for customers requiring our most stable release.
  • 11.3.1 or above is recommended for customers requiring specific new features or bug fixes introduced since 11.2.3.

So, with the above in mind, be sure that you actually need to go to v11.4 and that when you plan the upgrade you do everything you should before an upgrade. Take a backup, make sure you have a recovery process.

Another point of note:

This v11.4 release will be the last v11.x release that includes new features. Citrix will continue with new features in the upcoming v12.0 release. The v11.x will continue to have software maintenance until June 2023. If you need more information on Citrix product life cycles then, please, follow this link: Citrix Product Matrix – Citrix

What’s new in v11.4 release?

Citrix SD-WAN New UI enhancements

The Citrix SD-WAN New UI includes the following enhancements:

    • The look and feel of the Citrix SD-WAN New UI is changed to reflect the new colour and font as per Citrix rebranding.
    • Monitoring feature parity in new Citrix SD-WAN UI
    • The New UI is enabled, by default, on all the Citrix SD-WAN appliances that are configured as clients.
    • You can view the LACP LAG interface details.
    • DNS Proxy Statistics monitoring
    • SLAAC WAN links monitoring

From my perspective these sorts of things needed to be done. I have found the new UI lacking in functionality and have on many an occasion reverted to the “Legacy UI” especially when trying to view monitor stats.

ECMP load balancing

Equal Cost Multi-Path (ECMP) groups allow you to group multiple routes, with the same cost, destination, and service type. ECMP load balancing ensures:

    • Distribution of traffic over multiple equal-cost connections.
    • Optimal usage of available bandwidth.
    • Dynamic transfer of traffic to other ECMP member route, if a route becomes unreachable.
    • ECMP supports static routes on IPsec/GRE tunnels.
    • ECMP groups can be formed over Virtual Paths and Intranet services.

Office 365

Citrix SD-WAN v11.4.0 provides a more granular classification of the Allow and Optimise Office 365 categories.

An extract from the release notes shows the following enhancements:

The Optimise category is classified into the following subcategories:

    • Teams Real-time
    • Exchange Online
    • SharePoint Optimise

The Allow category is classified into the following subcategories:

    • Teams TCP Fallback
    • Exchange Mail
    • SharePoint Allow
    • Office365 Common

We already know that the O365 optimisation within Citrix SD-WAN allows for the selection of the best point of entry into the Microsoft network (Beacon-based ISP path), now with these enhancements this selection is more ”intelligent”, providing data to allow for best path selection which includes direct internet (intelligent ISP selection) and now backhaul to DC or alternative site.

The outcome from these enhancements allows the Citrix SD-WAN appliances to be able to selectively “bookend” applications within O365 to improve the performance. This is important for the more network-sensitive Office 365 traffic such as Teams.

What does “bookending” mean? It basically means directing network-sensitive traffic to SD-WAN in the cloud (Cloud Direct or an SD-WAN VPX on Azure), or from an at-home SD-WAN device to an SD-WAN at a nearby location with more reliable Internet.

connectivity, enables QoS and superior connection resilience compared to simply steering the traffic to the nearest Office 365 front door. A bookended SD-WAN solution with QoS reduces VoIP dropouts and disconnects, reduces jitter, and improves media-quality mean opinion scores for Microsoft Teams.

In-band management

In-band Management now supports High Availability device pairs. The appliances in a High Availability pair communicate with each other using in-band access.

Support for Citrix SD-WAN SE HA in Google Cloud Platform (GCP)

You can now configure a Citrix SD-WAN SE instance on GCP with High Availability.

Also, a Citrix SD-WAN instance on GCP now supports a higher throughput of 1 Gbps.

Citrix Hypervisor Support

Citrix SD-WAN is supported on Citrix Hypervisor 8.2 from 11.4.0 release onwards.

IPv6 Support for DNS Proxy and DNS Transparent Forwarder

Citrix continues to develop their support for IPv6 and with the Citrix SD-WAN v11.4 they introduce support for IPv6 addresses for configuring DNS Proxy and DNS Transparent Forwarding.

IPv6 support for IPFIX

Citrix SD-WAN supports IPv6 addresses for IPFIX. Citrix SD-WAN uses templates 615 and 616 to export IPv6 IPFIX flow data.

Patch upgrade support for Edge Security components

Citrix SD-WAN Advanced Edition (AE) supports patch upgrade mechanism that allows upgrade of the Edge Security subsystem.

If you upgrade from an existing release with edge security enabled to a higher release, which includes a newer version of the edge security component, only the parity of the subsystem updates will be downloaded and upgraded.

That’s about it from me, remember for a complete list of features and fixes in v11.4 you can read the release notes, just follow this link: What’s New (



If you want to talk to someone about this release or to find out more about Citrix SD-WAN and how it can help to address user and enterprise requirements call 0330 010 3443 or email