Citrix SD-WAN Orchestrator

What’s new

September 29, 2022

Fixes

  • SDW-23725: Citrix SD-WAN Orchestrator service failed to process the virtual path route records that did not have a static virtual path to the site.

  • SDWANHELP-2769: The Rollback banner on the Change Management Settings page was not cleared after the SD-WAN appliance was up and auto corrected to the correct version.

September 15, 2022

Configuration

HTTP server configuration

Citrix SD-WAN Orchestrator service now supports Certificate-based authentication for HTTPS push notifications to the server URL. Ensure to upload the client certificate in PEM format and the secret key in PKCS8 format.

[SDW-23898]

Fixes

  • SDW-24143: On the site level Configuration> Appliance Settings > SNMP page, users were unable to update multiple destination IP addresses as a semi-colon separated list.

August 23, 2022

Miscellaneous

Citrix SD-WAN 11.5 release

Citrix SD-WAN 11.5 release is supported in Citrix SD-WAN Orchestrator service. SD-WAN 11.5.0 release is available only via Citrix SD-WAN Orchestrator service and only on selected geographical POPs. Ensure to get the required approvals and guidance from Citrix Product Management / Citrix Support before deploying 11.5.0 on any production network.

[ SDW-24022 ]

June 30, 2022

Miscellaneous

WAN link template enhancements

When you modify a WAN link template, you now have an option copy the modified WAN link template configuration settings to the site WAN link configuration that is created using the WAN link template.

The following fields are introduced in the WAN Link Info section of the WAN link template page:

  • Adaptive Bandwidth Detection
  • Minimum acceptable bandwidth (%)

The following fields are introduced in the Metering section of the WAN link template page:

  • Data Cap(MB)
  • Disable Link If Data Cap Reached
  • Approximate Data Already Used (MB)

The Eligibility field has been introduced in the MPLS Queues section of the Configuration > Site Configuration > WAN Links page.

On the Site configuration > WAN links page, the Template Name field is introduced. This field is displayed when a new WAN link is created using a template.

[ SDW-23741 ]

Ethernet interface settings

Citrix SD-WAN Orchestrator service introduces the Ethernet interface settings section on the Site Configuration > Appliance Settings page of the UI. This section provides information such as connectivity status of the ethernet ports, Interface type, MAC address, auto negotiate, and the duplex setting status.

[ SDW-23730 ]

Fixes

  • SDWANHELP-2706 - Citrix SD-WAN Orchestrator service fails to auto-correct the firmware mismatch when the SD-WAN appliance is factory reset more than once.

June 02, 2022

Fixes

  • SDW-23687: LTE firmware upload and validation of the uploaded firmware fails intermittently on Citrix SD-WAN Orchestrator service.

  • SDW-23768: The Citrix SD-WAN Orchestrator service UI allows more than one WAN link to be set as primary WAN link for Intranet services.

  • SDW-23827: The audit error EC 100 is displayed for sites that do not have the serial number registered and site names that contain more than 25 characters.

May 05, 2022

Dynamic source NAT

The Citrix SD-WAN Orchestrator service UI now displays the auto-created IPv4 outbound Internet dynamic source NAT rules when the following conditions are fulfilled:

  • Internet service is enabled on the site.
  • IPv4 outbound Internet dynamic source NAT rule is not configured at the site.
  • At least 1 WAN link is on an untrusted interface or Internet is enabled on all routing domains.

[ SDW-23553 ]

Minimum and Maximum value in Kbps for WAN link settings: Citrix SD-WAN Orchestrator service allows you to set minimum and maximum upload bandwidth values in Kbps for LAN to WAN as well as WAN to LAN while configuring a WAN link. The minimum/maximum kbps fields are added under the Configuration> Site Configuration > WAN Links tab > Services section at the site level. You must provide the value (mandatory to add the minimum value) while adding any new services or editing any existing services.

You can also set the minimum/maximum upload and download bandwidth value for Internet and Intranet services. The same fields are also added under Configuration> Advanced Settings > Delivery Services > Internet/Intranet Services at the site level.

[ SDW-23408 ]

Provider-No-Access Role: With the No access role feature, initially a provider administrator can avoid giving the full access role to a newly added user. When the user with a no-access role clicked the Citrix SD-WAN Orchestrator service, the UI gets stuck on loading. The administrator can later decide whether to restrict giving access to the newly added user or add them to a specific tenant.

[ SDW-22585 ]

Deployment enhancements

The Deployment home page is enhanced with a new look and feel for a better user experience. The following changes are effective on the new Deployment page:

  • Deployment summary: This section provides a summary of the most recent deployment with such as the date and time (in UTC time zone), and the status of the deployment.
  • Switch to Old Deployment View: An option to go back to the old Deployment page is available.
  • Deployment history: The new Deployment history table provides details of the past deployment. If Partial Site Upgrade is enabled, the deployment history table categorizes the details based on the software version that the appliances are configured to run. If the last activation fails, you can even view details of the failure.
  • Site View: This table includes details about the current deployment status, Orchestrator connectivity, the software version of each appliance, and a timestamp of the running configuration. It also includes options to retry the deployment on individual sites in case of failures.
  • Default network software: The option to select the software version to be applied to the sites across the network is now available under Deploy Now > Software & Sites.
  • Partial site upgrade: The partial site upgrade option is now available under Deploy Now > Software & Sites.
  • Ignore Incomplete: This check box is now available under Deploy Now > Settings.
  • Rollback Settings: The Rollback on error option is renamed as Rollback Settings. It is now available under Deploy Now > Settings.
  • The 4 main stages of the deployment process are captured in the following screens:
    • Software & Sites
    • Configuration
    • Settings
    • Summary

[ SDW-16829 ]

Site template

Citrix SD-WAN Orchestrator service introduces the option of using a Site template to configure a site. The Site template can be created from Configuration > Profiles & Templates > Templates and a new site can be created using this Site template from Configuration > Network Home.

You can also clone a branch site in addition to site template. However, if some additional features require any modifications, verify the configuration details after cloning the site or the site template and make the changes as required.

[ SDW-14694 ]

Mobile broadband settings - Manage firmware

Citrix SD-WAN Orchestrator service provides an option to upload a firmware and apply it as part of the mobile broadband configuration. Currently, the firmware can be applied only on SD-WAN SE 210 LTE appliances.

[ SDW-23588 ]

Fixes

  • SDWANHELP-2657 - Unable to invite a user as there is an interim issue with Citrix Cloud server.

  • SDW-23322 - The service state of an SD-WAN appliance running a software version of 11.4.2 is displayed as BAD on the Citrix SD-WAN Orchestrator service for On-premises UI. The error message displayed is No Response from Orchestrator URL. This issue occurs when a custom domain is configured in Citrix SD-WAN Orchestrator service.

March 31, 2022

Record device mismatch

Citrix SD-WAN Orchestrator service notifies users when a mismatch is identified between the platform model reported by the appliance and platform model that the users provide while configuring a site. The mismatch details of the platform model and submodel are displayed on the UI in a tabular format.

[ SDW-23346 ]

Platform and systems

Management IP / In-band IP enhancements

The Management IP and the Device Access columns on the following UI screens are enhanced to display either the in-band IP address or the management IP address based on the type of IP address that the device is using to communicate with Citrix SD-WAN Orchestrator service:

[ SDW-23353 ]

Mobile broadband settings and Mobile broadband status

You can now connect the Citrix SD-WAN appliance from your site to a network using a broadband Internet connection. This mobile broadband status and configuration support is available for Internal modems. You can also view the status of the broadband configuration of your device and the active SIM.

[ SDW-10907 ]

Fixes

  • SDWANHELP-2619: In the case of multi-MCN MSP, the audit log for deleting a tenant is missing. With the fix, when user deletes a tenant from the MSP an audit log entry is created.

  • SDWANHELP-2570: Citrix SD-WAN Orchestrator service UI reflects the actual value of MTU - 1350 in Wan links.

  • SDW-23477: Citrix SD-WAN Orchestrator service sends TCP synchronization packets to the AWS endpoint.

March 03, 2022

Citrix SD-WAN 11.4.3 release is supported in Citrix SD-WAN Orchestrator service.

[ SDW-23359 ]

IP access list

Citrix SD-WAN Orchestrator service allows administrators to configure user IP addresses at a network level. This feature is useful when administrators want to allow the tenant access to users based on the IP address, thereby enhancing IP security. This feature is supported for users that have specific roles assigned as part of a tenant.

The IP Access List page is introduced in Citrix SD-WAN Orchestrator service to enable administrators to configure user IP addresses.

[ SDW-21393 ]

Site summary table

A new Device Status column has been added at the network home sites summary table.

[ SDW-23401 ]

Fixes

  • SDWANHELP-2609: Earlier, the user was not able to change the alternate port values after initially configuring it.

  • SDWANHELP-2482: HA failover was triggered when activation on active and standby appliances did not happen within the predefined freeze time. To avoid unnecessary failovers, the freeze time for failover during Change Management on Citrix SD-WAN 110 appliances has been increased by 10 seconds.

  • SDW-23322: The service state of an SD-WAN appliance running a software version of 11.4.2 is displayed as BAD on the Citrix SD-WAN Orchestrator service UI. The error message displayed is No Response from Orchestrator URL. This issue occurs when a custom domain is configured in Citrix SD-WAN Orchestrator service.

  • SDW-23399: A missing value of 1500 bandwidth for VPX and VPXL has been added.

  • SDW-23310: To set Access Interface and gateway IPs at WAN links, you have to change the Virtual Interface from the drop-down list > select another Virtual Interface > then back to the original.

January 27, 2022

Restore previous version

Citrix SD-WAN Orchestrator service introduces the Restore previous version functionality. When the Restore previous version option is selected, Citrix SD-WAN Orchestrator service initiates a network-wide activation of the previous configuration and restores the previously activated configuration(and/or software) on your network.

[ SDW-22042 ]

QoS Policies

The QoS policies page is revamped to enhance the user experience. The options such as Custom Application Rules, Application Rules, HDX Rules, Application Group Rules, IP Rules, and Default IP-Protocol Rules are enhanced with a new look and feel.

[ SDW-11029 ]

IP Rules

The Override Service option is added under IP Rules > Virtual Path Traffic Policy section. When the Traffic Policy is selected as Override Service, you can select the service type as Intranet, Internet, pass-through, or Discard to which the virtual path service overrides.

[ SDW-22213 ]

Configuration Difference

A Config Diff feature is newly added at the Network level under Configuration. The Config Diff capability helps you to review the difference between any two versions of configuration checkpoints. You can also have the ability to view the configurations both at the global and site levels.

[ SDW-4563 ]

Appliance settings

Citrix SD-WAN Orchestrator service introduces an option to configure the management network priority. You can select In-Band or Out-of-Band as the management interface for your network. This option is available only if the SD-WAN appliance is running a software version of 11.4.2 or later.

[ NSSDW-35774 ]

CSV Export Report

With the Export as CSV capability, you can download the path graph points (virtual/member path) for any time series (hourly, weekly, and so on) as an excel Comma-separated Value (CSV) file and can plot all distinct points of data for a particular site report.

[ SDW-20988 ]

Certificate authentication

Citrix SD-WAN Orchestrator service supports appliance authentication for static and dynamic virtual paths using Public Key Infrastructure (PKI) as an additional security feature. Enabling the feature extends the existing virtual path authentication mechanism by distributing PKI certificates over the data path, by the appliance initiating the exchange. The PKI enhancement also supports Certificate Revocation List (CRL) management for centralized revocation of compromised certificates.

[ SDW-19295 ]

View Configuration (Preview)

Citrix SD-WAN Orchestrator service introduces the View Configuration page at the site level. This page provides a detailed summary of a site’s configuration across multiple subsystems.

[ SDW-22284 ]

Real-time statistics

The Firewall Connection is now renamed to Firewall Statistics. NAT and Filter Policies are newly added under the statistics type drop-down list. Also, the Real-time statistic options are restructured and divided into the following categories:

  • Network statistics
  • Application statistics
  • Route statistics

[ SDW-20966 ]

Fixes

  • SDW-22977: When a serial number is added to an existing site configuration that is deployed without a serial number, the appliance gets activated with the previously staged configuration.

  • SDWANHELP-2536: User was not able to update cc/bcc emails at Network level > Alerts > Notification settings > Notification profile tab.

  • SDW-10178: On adding more than 9 subinterfaces, the diagram for the LAN segment is not clear.

  • NSSDW-37813: In Citrix SD-WAN 11.4.2 release, uploading a signed CSR certificate from Citrix SD-WAN Orchestrator service fails for files with .der extension.

What’s new