Citrix SD-WAN 10.2.6 Release Notes

Introduction

This release note describes what’s new, fixed issues, and known issues applicable to Citrix SD-WAN software release 10.2 version 6 for the SD-WAN Standard Edition, WANOP, Premium Edition appliances, and SD-WAN Center.

For information about the previous release versions, see the Citrix SD-WAN

Note

CVE-2019-19781 - Vulnerability in Citrix SD-WAN WANOP appliances (applicable ONLY for 4000-WO, 4100-WO, 5000-WO, 5100-WO Platform models) leading to arbitrary code execution is fixed in release 10.2.6b. For more information, see CVE KB.

What’s New

IPFIX Templates

The IPFIX template defines the order in which the data stream is to be interpreted. The collector receives a template record, followed by the data records. Templates 611, 612 and 613, to export IPFIX flow data, are introduced in Citrix SD-WAN 10.2.6.

Application Flow Info (IPFIX) option exports data sets as per templates 611 and 612 and Basic Properties (IPFIX) option exports data sets as per template 613.

SD-WAN Standard Edition VPX Password Change

From 10.2.6 release onwards, it is mandatory to change the default admin user account password while provisioning any SD-WAN appliance or deploying a new SD-WAN SE VPX. This change is enforced using both CLI and UI.

A system maintenance account - CBVWSSH, exists for development and debugging and has no external login permissions. The account can only be accessed through a regular administrative user’s CLI session.

SD-WAN 210-LTE Firmware upgrade

With 10.2.6 release, the LTE active firmware is updated as part of the single step upgrade package. To upgrade, you need to update the schedule window using the Change Management Setting page or wait for the default scheduled time to upgrade the LTE firmware (daily at 21:20:00).

Fixed Issues

SDWANHELP-961: This issue potentially affects SD-WAN 4000 and 5000 WO appliances. After the appliance is running 10.1.0 to 10.2.5 for over a year, there is a possibility of too much data being kept in the logs.

SDWANHELP-1000: Whenever NetFlow is enabled with high availability (HA) setup, HA flap occurs due to lack of resource.

SDWANHELP-1035: Routes are not propagated correctly to remote sites via the MCN and RCN.

SDWANHELP-1046: Installing wildcard certificate on SD-WAN Center is getting failed because of a problem in apache reload in older version of apache. In result, HTTPS certificate was not getting installed.

SDWANHELP-1049: Virtual WAN virtual machine (VM) on XenServer based platforms might have large time offset over time. In this case, the time on the virtual WAN VM shows inaccurate after reboot.

SDWANHELP-1070: The time is not synced to the hardware clock after being changed. For example, manual time update or NTP time update.

SDWANHELP-1078: Eliminate excessive log spamming caused by mailer-daemon is trying to log in to TACACS+ Server.

SDWANHELP-1095: The FTP Application Layer Gateway (ALG) might not parse FTP sessions correctly if EPSV or EPRT modes are used causing a failure in the FTP session.

SDWANHELP-1096: In rare conditions, SD-WAN service restart can occur during Deep Packet Inspection (DPI).

SDWANHELP-1106: Export and Import of large sized configuration files on SD-WAN Center from MCN fails on earlier 10.2.x versions.

SDWANHELP-1112: BGP autonomous system (AS) number supports a 32bit number.

SDWANHELP-1113: Intermittently unable to access management GUI on WANOP only platforms after upgrading to 11.0.2.

SDWANHELP-1116: During configuration update we might miss sync event processing due to high availability (HA) flap, which might result the appliance in problem state, where route sync does not happen with other branches and results in network outage.

SDWANHELP-1149: When you upload a new HTTPS certificate, it fails to apply and the old certificate is restored.

Known Issues

NSSDW-22748: IPFIX reports exported to the CA Management tool are not processed correctly per the IPFIX Specification. The issue only applies to the CA Management tool and is not seen when IPFIX reports are exported to collectors like SolarWinds, Splunk.

Citrix SD-WAN 10.2.6 Release Notes