Citrix SD-WAN

Release Notes for Citrix SD-WAN 11.4.2b Release

This release notes document describes the enhancements and changes, fixed and known issues that exist for the Citrix SD-WAN release Build 11.4.2b.

Notes

  • This release notes document does not include security-related fixes. For a list of security-related fixes and advisories, see the Citrix security bulletin.

  • In addition to the enhancements and bug fixes that were available in release 11.4.2a, release 11.4.2b contains the following bug fix - SDWANHELP-2594.

What’s New

The enhancements and changes that are available in Build 11.4.2b.

LTE interfaces

You can now configure the LTE interface-based WAN link as a Private Intranet WAN link using Citrix SD-WAN Orchestrator service. This enhancement provides the flexibility of configuring the LTE interface as a Public Internet WAN link or a Private Intranet WAN link.

[ NSSDW-37064 ]

Orchestrator Connectivity Status

The New UI for SD-WAN dashboard displays the following Orchestrator connectivity status:

  • Online State
  • Service State
  • DNS State
  • Local Gateway State
  • Failed Reason
  • Connected Through

[ NSSDW-36434 ]

Appliance settings

Citrix SD-WAN Orchestrator service introduces an option to configure the management network priority. You can select In-Band or Out-of-Band as the management interface for your network. This option is available only if the SD-WAN appliance is running a software version of 11.4.2 or later.

[ NSSDW-35774 ]

Support for IPv6 management connectivity with SD-WAN Orchestrator for on-premises is available from Citrix SD-WAN software version 11.4.2 onwards.

[ NSSDW-35647 ]

Platform and systems

Domain name-based applications now support configurable ports and protocols in Citrix SD-WAN Orchestrator service. When you select the Configure Port check box, you can edit, add, or delete any port or port range as required. You can also set the protocol to TCP, UDP, or Any. Previously (and with the Configure Port check box cleared), only ports 80 and 443 and protocol Any were supported for domains grouped under an application.

[ NSSDW-29930 ]

Fixed Issues

The issues that are addressed in Build 11.4.2b.

In scaled deployments, when the configuration changes on any site or WAN link, the routing engine restarts and causes BGP sessions to flap.

[ SDWANHELP-2594 ]

Appliance crashes when a DNS learned entry for a domain name based application causes the first packet classification table to reach the maximum limit.

[ SDWANHELP-2480 ]

When the number of flows is constantly high and beyond the maximum flow capacity limit of an appliance, a change in flow mapping may sometimes cause a data path restart.

[ SDWANHELP-2456 ]

For an unencrypted path with VLAN tags, such as HA control paths, some SD-WAN control packets were sent with an incorrect Ethernet header making the paths unstable or dead.

[ SDWANHELP-2384 ]

An audit error is displayed while deploying a standalone RCN without any branches.

[ SDWANHELP-2381 ]

When the ICMP probe for Internet service is enabled from Citrix SD-WAN Orchestrator service, the SD-WAN service is restarted if the Internet WAN link goes down, on the following appliances:

  • Citrix SD-WAN 2100
  • Citrix SD-WAN 4100
  • Citrix SD-WAN 5100
  • Citrix SD-WAN 6100

[ SDWANHELP-2378 ]

The Citrix SD-WAN Center dashboard does not load any information.

[ SDWANHELP-2373 ]

While pushing changes to the network appliances from the MCN through the Change Management process, the SD-WAN Service on the appliances restarted, disconnecting the appliance for approximately 2 minutes.

[ SDWANHELP-2366 ]

Unable to configure LAG groups for Citrix SD-WAN 5100 model.

[ SDWANHELP-2339 ]

Unable to download PAC file on Citrix SD-WAN appliance models that support PE.

[ SDWANHELP-2336 ]

When path encryption is turned off, high MTU and loss are observed in the path.

[ SDWANHELP-2327 ]

In SD-WAN Orchestrator HA set-up, the standby appliance crashes when the appliance software is upgraded from a version lower than 11.3.0 to version 11.4.1, 11.3.2 or lower.

[ SDWANHELP-2315 ]

Gradually increasing packet loss is observed at a Site, which has dead virtual paths with other remote sites, WAN link configured in standby mode, and heartbeat disabled.

[ SDWANHELP-2276 ]

The option to toggle the columns displayed under the Monitoring > Flows page is not functioning as expected. Despite selecting or filtering the columns, the following message is displayed:

Please select at least one column.

[ SDWANHELP-2272 ]

LTE modem reboots continuously when the QMI proxy process stays in a defunct state.

[ SDWANHELP-2270 ]

Multiple authentication requests for the same user are sent when an SSH connection to SD-WAN is established using TACACS+ authentication, resulting in excessive logging.

[ SDWANHELP-2087 ]

Email notifications cannot be sent when the SMTP server name is set as FQDN. This issue occurs when the DNS server contains:

  • At least 2 IPv4 A records for the FQDN.
  • At least 1 IPv6 AAAA record for the FQDN.

[ SDWANHELP-2027 ]

In Citrix SD-WAN 11.4.2 release, uploading a signed CSR certificate from Citrix SD-WAN Orchestrator for On-premises fails for files with .der extension.

[ NSSDW-37813 ]

Citrix SD-WAN Orchestrator service connectivity fails when the DNS provided by an LTE dongle or a Management port is not reachable, even though the network has switched to In-band Management for connectivity.

[ NSSDW-37428 ]

In-band management

From Citrix SD-WAN 11.4.2 release onwards, it is mandatory to configure In-band management on the SD-WAN appliance, to establish connectivity to Citrix SD-WAN Orchestrator service through an In-band management port. Otherwise, the appliance loses connectivity to Citrix SD-WAN Orchestrator service when the management port is not connected and the In-band IP address is also not configured.

[ NSSDW-37174 ]

Citrix SD-WAN service might crash when the DHCP server assigns a new address with DVP and HA configuration.

[ NSSDW-36513 ]

Citrix SD-WAN UI shows an error if a duplicate name is used for DNS Proxy across the network.

[ NSSDW-33842 ]

Platform and systems

Adding a custom SNMP community string for the first time doesn’t remove the existing community string configuration.

[ SDWANHELP-2561 ]

Known Issues

The issues that exist in release 11.4.2b.

Miscellaneous

If Partial Site Upgrade was disabled followed by an upgrade of the whole network to a new software version, then some of the sites might get auto-corrected back to the older version.

Workaround: If another change management is triggered, the downgraded sites upgrade to the expected software version.

[ SDWANHELP-2586 ]

Legacy GUI leaves CGI session files under a temporary directory. These CGI sessions are cleaned up during boot up, which can prevent Citrix SD-WAN service from running.

Workaround: Reboot the appliance by pressing the power button for 4+ seconds and power the box back on, or unplug the power cable and plug it back in after a few seconds.

[ SDWANHELP-2567 ]

Citrix SD-WAN LTE service can hang due to LTE modem transaction timeout errors.

Workaround: Reboot the appliance.

[ SDWANHELP-2565 ]

The t2_app crashes when statistics are requested with an incorrect DB index due to a rare race condition in the Citrix SD-WAN UI.

[ SDWANHELP-2548 ]

Memory assigned to Palo Alto VM (VM-50 Model) on Citrix SD-WAN 1100 is increased to 5.5 GB.

[ SDWANHELP-2534 ]

A possible memory leak in ICA classification is fixed.

[ SDWANHELP-2527 ]

Citrix SD-WAN service might crash sometimes on the Advanced Edition (AE) platform with an Internet load balancing configuration.

Workaround: Configure Internet service in primary and secondary mode.

[ SDWANHELP-2521 ]

Citrix SD-WAN appliances allow only desired traffic on the management port, which prevents users from accessing the MiRIC management GUI when enabled.

[ SDWANHELP-2479 ]

Trying to enter the IP address with prefix was failing validations for source/destination IP fields in Firewall Filter Policies.

[ SDWANHELP-2471 ]

If an appliance that uses the out-of-band port for SNMP service switches to the in-band port, all management services for the appliance connect to the internet through the in-band port. SNMP requests sent to the out-of-band port fail.

Workaround: Configure an external SNMP service to send requests to the in-band port if the out-of-band port fails.

[ SDWANHELP-2358 ]

In Citrix SD-WAN 11.4.2 release, uploading a signed CSR certificate from Citrix SD-WAN Orchestrator for On-premises fails for files with .der extension.

Workaround: Issue not applicable to .pem files. Use .pem signed CSR.

[ NSSDW-37813 ]

The traffic rates displayed on the Monitoring classes table of the UI are approximately 150 Kbps lower when traffic of the real-time, interactive high, interactive medium, and interactive low class types is initiated at the same time.

[ NSSDW-37568 ]

The Orchestrator connectivity status in the New UI Dashboard is displayed as BAD/Unknown for Citrix SD-WAN appliances that are managed through the MCN.

[ NSSDW-37462 ]

Citrix SD-WAN Orchestrator service connectivity fails when the DNS provided by an LTE dongle or a Management port is not reachable, even though the network has switched to In-band Management for connectivity.

[ NSSDW-37428 ]

In rare conditions, if a branch site has one of the WAN links with a static public IP address, then the formation of the dynamic virtual path fails.

Workaround: Restart the Virtual WAN Service at the branch site with the static Public IP address.

[ NSSDW-36429 ]

In Citrix SD-WAN BGP configuration, when the router ID for a routing domain is changed, the SD-WAN dynamic routing protocol might restart.

[ NSSDW-35657 ]

A configuration change made to a firewall dynamic NAT policy or a port forwarding rule might result in a core dump.

[ NSSDW-34603 ]

WPA3 failed authentications are not reported under site-level alerts.

[ NSSDW-32053 ]

Platform and systems

Adding a custom SNMP community string for the first time doesn’t remove the existing community string configuration.

Workaround: Disable and then enable SNMP v1/v2 to clear the existing community string.

[ SDWANHELP-2561 ]