Citrix SD-WAN

Release Notes

This release note describes known issues, and fixed issues applicable to Citrix SD-WAN software release 10.2 version 2 for the SD-WAN Standard Edition, WANOP, Premium Edition appliances, and SD-WAN Center.

For information about the previous release versions, see the Citrix SD-WAN documentation.

What’s new

NSSDW-15594: A regenerate appliance certificate upload option for SSL communication between the SD-WAN Center and SD-WAN appliance is introduced. The appliance certificate should be generated on the MCN to regenerate the certificate. The regenerated certificate from the MCN appliance needs to be uploaded to the SD-WAN Center for SSL communication to work.

To regenerate appliance certificate:

  1. Navigate to Configuration > Virtual WAN > SD-WAN Center Certificates > Appliance Certificate Management. The following options are available.

    • Regenerate appliance certificate for SSL communication.
    • Download the appliance certificate.
  2. In SD-WAN Center, upload the appliance certificate by navigating to, Configuration > Network Discovery > SSL Certificate > Appliance Certificate.

localized image

localized image

For existing deployments, upgrading to release 10.2 version 2 does not require installing the new appliance certificate on the SD-WAN center because the already installed default application certificate is not removed. However, for new deployments, and for SSL communication to work, you should install the appliance certificate to the SD-WAN Center.

NSSDW-17171: Allow default route to be filtered in a BGP NEIGHBOR POLICY using 0.0.0.0/32 or any prefix, such as 16 or 8 which is NON-ZERO.

  1. The current BGP neighbor policy uses 0.0.0.0/prefix as a match all prefix and cannot be filtered. The definition of 0.0.0.0 is a default match all criteria.

    • With this enhancement you can specify a 0.0.0.0/32 or a NON-ZERO value which is matched as a particular prefix that needs to be exercised of a policy action in the specified direction.
    • 0.0.0.0/0 exists as a match all route.
  2. The number of BGP Policies per neighbor is extended from 8 (7+1 default) to 16 (15 + 1 default)

  • Each BGP neighbor can be configured with neighbor policies.

  • Prior to release 10.2 version 2 the maximum limit was 8 (7 user-defined policies and a single match all filter policy). This has been enhanced to 16 (15 user-defined policies and a single match all filter policy).

NSSDW-16025: Support for high-availability using splitter Y-cable connected to SFP ports for the 1100 appliance is added.

NSSDW-16663: Add Security Admin role to SD-WAN Center and MCN GUI.

Fixed issues

SDWANHELP-520 (SR# 78300015): The SD-WAN appliance might crash due to invalid memory reference. The health monitoring process restarts the failed SD- WAN service automatically.

SDWANHELP-617 (78586601/78435402): Slow file transfer speeds are observed between two branch sites with low permitted bandwidth.

SDWANHELP-650 (SR# 78640419): On the SD-WAN 4,100 appliances, the MCN GUI is unresponsive after an upgrade to release 10.2.

SDWANHELP-674 (SR# 78694895): On the SD-WAN PE appliance, you need to change the hostname for WANOP communication.

SDWANHELP-676 (SR# 78708421): On the SD-WAN 4100 WANOP appliance, 4 out of its 6 instances are disconnected from the active directory, and cannot be rejoined.

SDWANHELP-682 (SR# 78694883): When creating a Site the location field is not saved.

SDWANHELP-698 (SR# 78744599): The SD-WAN appliance does not fail over when the LAN switch goes down.

SDWANHELP-703 (SR# 78765798): IPSec traffic to Zscaler is impacted when memory usage peaks are observed.

SDWANHELP-705 (SR# 78708432): Multiple Core-dump files generated on the standby MCN appliance.

SDWANHELP-712 (SR# 78708319): LTE connected virtual path is reported as DOWN even when the modem is operational on the branch SD-WAN appliance.

SDWANHELP-735 (78811478): The “Active OS partition is completely full…..” alert is observed on the 1100 platform edition configured as PE in releases 10.2.0 and 10.2.1. You need to manually restart the 1100 appliance after upgrading to release 10.2.2.

NSSDW-10133: Port forwarding rules are missing from the Dynamic NAT policies when internet access for all the routing domains is enabled.

NSSDW-15923: SD-WAN BGP configuration does not allow using community string in old format.

NSSDW-16936: The Audit Request from GUI is timed out when you attempt to compile large configuration file.

NSSDW-16165: Subnet added as part of region definition does not get populated in routes table.

NSSDW-17108: Selecting the first autopath group when configuring WAN Link Templates displays as “no group selected”.

NSSDW-17278: WAN to WAN forwarding does not work when configuration is upgraded from non-WAN to WAN configuration to WAN configuration.

NSSDW-17428: Traffic is sent to incorrect routing domain for dynamic routes.

NSSDW-17243: Failed to mount active storage in SD-WAN Center for Azure.

NSSDW-17091: The drill-down option is not working for Virtual path rows in the Services tab on reporting page.

NSSDW-17076 (78662689): PPTP/ GRE does not come up through the SD-WAN traffic. The SD-WAN appliance is acting as pass-through and not an endpoint.

Known issues

NSSDW-17427: On the premium edition appliances, make the WANOP hostname persistent when it is incorrect by updating the appliance or site name and perform Local Change Management or Change management.

Release Notes