What’s New

Citrix SD-WAN Orchestrator introduces the following new features and enhancements:

August 12, 2020

Dynamic Virtual Path enhancements:

  • Dynamic virtual paths can now be enabled/disabled at the site level using the Enable Dynamic Virtual Paths check box. The ability to enable dynamic virtual paths across the network globally is retained.
  • You can configure IPsec tunnel settings for dynamic virtual paths at the network level.
  • The dynamic virtual path thresholds for LAN-to-WAN and WAN-to-LAN in terms of bytes per second and packets per second are introduced per WAN link.

Static Virtual Path enhancements: The Tunnel Header Size in Bytes and Active MTU Detect configuration options are introduced in the Virtual Path WAN link properties.

Auto-correction: In SD-WAN Orchestrator, the auto-correction feature is implemented in the change management workflow. The auto-correction feature is applicable for staging failure on a branch node and activation failure on any node. The maintenance mode check box is added under the Change Management Settings to perform manual troubleshooting on an appliance. Once the maintenance mode check box is unchecked, the auto-correction mechanism brings the appliance in sync with the network software and configuration version.

July 15, 2020

Application Quality: Application QoE is a measure of Quality of Experience of applications in the SD-WAN network. The Application QoE score is a value between 0 and 10. The score range that it falls in determines the quality of an application. The Application QoE dashboard provides the overall Application QoE score of all the applications in your network. You can also view individual Application QoE reports.

Region configuration enhancements: You can now change the default region, provide a description for the region, and add new subnets. You can also allow non-private Virtual IP addresses within a region or from other regions to match the configured subnets.

Citrix SD-WAN releases: The following Citrix SD-WAN releases are now supported in the Citrix SD-WAN Orchestrator:

  • Citrix SD-WAN 10.2.7
  • Citrix SD-WAN 11.0.3d
  • Citrix SD-WAN 11.1.1a

July 6, 2020

Appliance settings: Citrix SD-WAN Orchestrator allows you to configure the appliance settings, at the site level, and push it to the remote appliances. You can configure user, network adapters, NetFlow, AppFlow, and SNMP settings.

Link Aggregation Groups: The Link Aggregation Groups (LAG) functionality allows you to group two or more ports on your SD-WAN appliance to work together as a single port. This ensures increased availability, link redundancy, and enhanced performance. Citrix SD-WAN Orchestrator supports simple Link Aggregation Group (ACTIVE-BACKUP).

Transit Nodes: Transit nodes reduce the cost of routing by configure sites to route data via a virtual overlay transit node. You can configure Internet or Intranet transit nodes to allow sites without internet or intranet service to route to the internet or intranet through the configured transit sites.

Firewall profile: Firewall profiles provide security by ensuring that network traffic is restricted only to a specific firewall rule depending on the match criteria and by applying specific actions. The Firewall Profile contains three sections.

  • Global Profiles – Global profile is an aggregation of a couple of firewall rules. The profile that you create under the Global Profiles section is applied across all the sites in the network.
  • Site Specific Profiles – You can apply the defined firewall rules on certain specific sites.
  • Global Override Profile – You can override both global and site-specific profiles using the Global Override Profiles.

June 11, 2020

Edge Security: The Citrix SD-WAN Edge Security capability enables advanced security on Citrix SD-WAN branch appliances. It simplifies information security management by providing a single management and reporting pane for Network Edge Security. It eliminates the need for multiple branch solutions by consolidating routing, SD-WAN, and security capabilities on a single appliance. This reduces network complexity, operational cost, and provides a more secure network edge. The Edge Security stack includes the following security functionality:

  • Web filtering
  • Anti-Malware
  • Intrusion Prevention


  • The Edge Security is only supported for Citrix SD-WAN deployments managed through the Citrix SD-WAN orchestrator.
  • External syslog server support is currently not available through Orchestrator for Citrix SD-WAN Edge Security.

Subnet support: From release 11.2 onwards, Citrix SD-WAN UI allows /31 subnets for configuring the network address.

Metered link enhancements: The following options are introduced under Advanced WAN link settings:

  • Approximate Data Already Used: The approximate data already used in MB for the metered link. This is applicable only for the first cycle. To track the proper metered link usage, specify the approximate metered link usage, if the link has already been used for few days in the current billing cycle.

  • Disable link if Data Cap Reached: If the data usage reaches the specified data cap, the metered link and all its related paths are disabled until the next billing cycle. If this option is not selected, the metered link remains in the current state, after the data cap is reached, until the next billing cycle.

Auto-learning of Public IP address on Intranet WAN link: You can now enable Auto learning of Public IP address on Intranet WAN links, under Basic settings > WAN Link Attributes, to support DHCP on Fail-to-Wire port.


Rollout of this release is in progress, the feature will be available in respective POPs as the rollout completes.

June 1, 2020

LTE firmware upgrade: You can now upgrade the LTE firmware via the SD-WAN Orchestrator along with configuring and managing all the LTE sites in your network. While creating the site, you need to select LTE as a submodel for the SD-WAN 210 appliance/model. Currently, the LTE support is only applicable on 210 appliances. You need to set the scheduling window information to upgrade the LTE firmware corresponding to the latest selected software version.

Static inter-routing domain service: Citrix SD-WAN Orchestrator now supports Static Inter-routing Domain service, enabling routing between Routing Domains within a site or between different sites. This eliminates the need for an external edge router to handle routing between two routing domains. The inter-routing service can further be used to set up routes, firewall policies, and NAT rules.

Citrix SD-WAN 11.1.1 Release: Citrix SD-WAN 11.1.1 release is now supported in Orchestrator.

May 13, 2020

Y-cable: You can now enable Y-cable support for Citrix SD-WAN 1100 SE/PE appliances through SD-WAN Orchestrator. The Small Form-factor Pluggable (SFP) ports can be used with a fiber optic Y-Cable to enable high availability feature for Edge Mode deployment.

Wrap Alerts description: The alert message contents under the Reports > Alerts > Message column are now wrapped. Earlier, the alert messages were hidden when the length of the message was greater than the width of the allocated cell size.

DHCP Client: The Dynamic Host Configuration Protocol (DHCP) Client option is now available under the Site Profile template. Hence, the sites that are created through the Site Profile, also inherits the DHCP Client option.

Citrix SD-WAN 110 appliance support: The Citrix SD-WAN 110 hardware model appliance is now supported in Orchestrator.

April 28, 2020

HA near-hitless software upgrade: The HA near-hitless software upgrade feature ensures that the network downtime, during the software upgrade (11.1.x and above) process for an HA pair, is not more than the HA switch over time.

Appliance reports (Tech Preview): Appliance report delivers Network traffic and System usage reports. Under Appliance Reports you can view Interfaces, Network, CPU Usage, Disk Usage, and Memory Usage reports in different tabs.

Change password: Citrix SD-WAN Orchestrator allows you to centrally change the password of all the SD-WAN appliances in your network from the Network Configuration > Home page.

Microsoft Office 365 beacon service: Citrix SD-WAN supports Microsoft Office 365 beacon probing capability to help determine the best link to be used for Office 365. The probes determine the latency (round-trip-time) involved in reaching Office 365 endpoints through each WAN link, enabling network administrators to identify the best link to be used for Office 365 traffic. The Office 365 beacon probing capability is available only via Citrix SD-WAN Orchestrator.