Citrix SD-WAN for SASE (Citrix Secure Access Service Edge)

There has been a lot of talk around “The Evolution of Work”, the digital migration, the move to cloud and certainly COVID-19 has crystallised this thinking, it has made employers think about alternative working practices. Gartner estimates there will be a 34% increase in spending on SaaS in the period 2020 to 2022 and recent surveys indicate 72% of employees would like to work remotely for at least 2 days a week moving forward. 

Along with this move comes an expectation from the users that the applications will perform, regardless of the location of the user or the SaaS based app. 

As a result, IT teams are now being tasked to implement underlying networks and security architectures that will support these flexible working processes, be able to deliver secure, performant access and scale easily. 

Secure Access Service Edge (SASE) is seen as the architecture that will deliver on these requirements. 

What is SASE (Secure Access Service Edge)?

Gartner have defined Secure Access Service Edge (SASE) as “A new architectural mode, a convergence of networking and comprehensive cloud delivered security with Unified Management”.  

SASE architectures unite networking and cloud delivered security into a single pass, high performance architecture with a unified management environment. 

It is important to understand that SASE is an architecture and not a single product, you can’t buy SASE, but you can buy products that when combined form the basis of a SASE architecture. The diagram below shows the Gartner view of SASE. 

A breakdown of this shows three main sections, Security, Networking, and a Unified Management overlay, and what is available to help fulfil on these and help deliver a SASE architecture. 

Citrix approach to SASE

“Citrix have a unified approach that meets ALL Gartner requirements for SASE”. We will look at this and briefly discuss the products that make up the Citrix approach to SASE. 

Citrix SD-WAN 

Citrix SD-WAN plays a critical role in the SASE architecture, it is fully application aware and delivers a secure, application delivery mechanism for on-premises workspace solutions and cloud-based applications. Citrix SD-WAN has an Advanced Edition option available on some devices providing local Web Filtering, anti-malware, IDS/IPS and SSL Inspection functionality and for other solutions Citrix SD-WAN has a comprehensive integration with Citrix Secure Internet Access providing secure and high-performance access to SaaS and internet. 

Citrix SIA & SD-WAN

Out of the box integration with Citrix SD-WAN simplifies branch deployment to just a few clicks with Citrix SD-WAN Orchestrator

It is important to understand an advantage of the Citrix SD-WAN solution is the integration of the new Citrix SIA platform making it easier for IT teams to deploy a converged security and networking solution from the cloud much faster than separate point solutions. Using Citrix SD-WAN Orchestrator administrators can automate the setup of tunnels between Citrix SD-WAN appliances and a Citrix SIA local Point of Presence (PoP) with just a few clicks.  

Simply put, the Citrix SD-WAN appliance when configured, connects to a primary and backup Citrix SIA PoP. It continually monitors these PoP’s and if the primary PoP fails the Citrix SD-WAN will redirect traffic to the backup PoP. 

This ensures Citrix SD-WAN and Citrix SIA together offer automated connectivity between Citrix SD-WAN appliances at branch locations and SaaS and Internet resources, providing resiliency and consistent, optimised application performance.  

Unified Management

Citrix Cloud provides unified management that integrates a single view of networking, security and analytics allowing policy-based management, visibility and troubleshooting.  

Secure Internet Access

Secure Internet Access (SIA) is not a single product but rather a group of products combining to provide users the secure access they need to SaaS and Internet when working from anywhere. SIA includes Secure Web Gateway, Firewall as a Service, Cloud Access Security Brokers (CASB), Data Loss Prevention (DLP) and Sandboxing features, all with their own bespoke configuration capabilities but all working together as a single solution.

For more details on SIA have a look at our blog: What is Citrix Secure Internet Access? • cloudDNA (

Citrix SD-WAN Orchestrator with the Citrix SIA administration tool, a unified management plane

Secure Workspace Access

Citrix Secure Workspace Access delivers on the Zero Trust Network Access (ZTNA) and Remote Browser Isolation as defined in the Gartner SASE requirements definition. 

A useful Citrix Blog on Citrix Secure Workspace Access – 


Secure Access Service Edge (SASE) is an architectural model defined by Gartner in 2019. SASE converges comprehensive networking and security capabilities to support the access needs of modern enterprises. Citrix have a unified approach that meets ALL Gartner requirements for SASE. 


To find out more about how Citrix’ unified approach can help you deliver a SASE architecture call 0330 010 3443 or email