Single Step Upgrade


The WANOP, SVM, and XenServer supplementals / hot fixes are referred to as OS components.

Should I use .tar.gz, or single step upgrade .zip package to upgrade to 9.3.x from my current version (8.1.x, 9.1.x, 9.2.x)?

Use the .tar.gz files of the concerned platforms to upgrade the SD-WAN software to 9.3.x. After the SD-WAN software is upgraded to 9.3.x version, perform change management using the .zip package to transfer/stage OS component software packages. After activation, the MCN transfers/stages OS components for all the relevant branches.

After upgrading to 9.3.0 using single step upgrade package (.zip file) do, I need to perform.upg upgrade on each appliance?

No, OS software update/upgrade will be taken care by the single step upgrade .zip package and it is installed as per the scheduling details provided by you in the Change Management Settings of the respective sites.

Why should I use .tar.gz followed by .zip package to upgrade from pre-9.3 to 9.3.x, and why not directly use .zip package of 9.3.x?

Single Step upgrade package is supported from release 9.3.0 build 161 onwards. On earlier release versions (prior to 9.3) this package is not recognized. When the single step upgrade .zip package is uploaded into the Change Management inbox, the system throws an error stating that the package is not recognized. Hence, first upgrade the SD-WAN software to release 9.3 or above version and then perform Change Management using the .zip package.

How will the OS Components be installed through single step upgrade, if.upg upgrade is not performed?

The MCN will transfer/stage OS components software packages based on the appliance model, after the Change Management is completed using single step upgrade .zip package. After activation, the MCN starts transferring/staging the OS components software packages for the branches that need them for the scheduled update/upgrade.

How do I install OS components, without scheduling for later installations?

Set the Maintenance Window value to ‘0’ for instant installation of the OS components.


The installation starts only when the appliance has received all the package that is needed for the site, even when Maintenance Window value is set to ‘0’.

What is the use of scheduling installation? Can I use schedule instructions to upgrade SD-WAN alone?

Scheduled installation was introduced in SD-WAN 9.3 release and is applicable for OS components only and not for SD-WAN software upgrade. With single step upgrade, you need not log into each appliance to perform OS components upgrade and the scheduling option allows you to schedule the OS components installation at a different time other than SD-WAN software version upgrade.

Why does the scheduling information in Change Management Settings page displays past schedule date by default and what does it mean?

The Change Management Settings page displays the default scheduling information that is, ‘”start”: “2016-05-21 21:20:00,” “window”: 1, “repeat”: 1, “unit”: “days”’. If the date is a past date it means that, the scheduled installation is based on the time and other parameters like maintenance window, repeat window, and unit and not the date.

What is default schedule installation date/time set to, is it generic or local appliance dependent?

By default the scheduling details is set as ‘2016-05-21 at 21:20:00 (Maintenance window of 1 hour and repeated every 1 day)’. This detail is local appliance site dependent.

How can I install OS Components immediately without waiting for the maintenance / scheduled window?

Set the Maintenance Window value to ‘0’ in Change Management Setting page, this overrides the scheduled installation time.

Which package should I use for upgrade when current software version is 9.3.x or above?

Use single step upgrade .zip package to upgrade to any higher versions when the current software version is 9.3.x or above.

When does the OS Components files get transferred/staged to the branches?

The OS components files are transferred/staged to relevant branches after the activation is completed when Change Management is done using single step upgrade .zip package to upgrade the system.

Which appliances receive OS Components files? Is it platform dependent or do all branches receive it.

Appliances that are hypervisor based such as, SD-WAN – 400, 800, 1000, 2000 SD-WAN and Bare metal SD-WAN - 2100 running on EE license will receive OS components to upgrade.

How does scheduling work?

By default the scheduling details is set as ‘2016-05-21 at 21:20:00 (Maintenance window of 1 hour and repeated every 1 day)’ and it implies that the system will check if new software is available for installation every day as repeat value is set to ‘1 day’ and will have maintenance window of ‘1 hour’ and the installation will get triggered/attempted (if new software is available) at 21:20:00 (local appliance time) effective from ‘2016-05-21’.

How do I get to know if the OS Components have been upgraded?

In the Status column, you can see a green tick mark. On hovering over it, you see ‘Upgrade is Successful’’ message.

localized image

Can I use tar.gz file to upgrade to next release, when single step upgrade was used for previous software upgrade?

You can use tar.gz file to upgrade, but it is not recommended because you would need to perform.upg upload to upgrade OS component software by logging into each applicable appliance. From release 9.3 version 1 onwards the ‘Update Operating System Software’ page is depreciated, hence you would need to perform change management with .zip package to upgrade the OS components.

How can we validate the current running versions of OS Components?

Currently you cannot validate the current running versions of OS components from the SD-WAN GUI. You need to login from each console or get STS to view this information.

What difference it would make if I have bare metal appliances in my network? Does scheduling impact bare metal / Virtual appliances?

Bare Metal appliances such as, SD-WAN – 410,2100,4100,5100 SD-WAN run only SD-WAN software and they do not need any OS components packages. These platforms are treated on par with SD-WAN VPX in terms of software need. The MCN will not transfer OS components packages to these appliances. Setting scheduling information will not take effect for these appliances, as they do not have any OS components that need upgrade.

How does Single Step Upgrade work in HA environment / deployment?

In HA deployment at MCN, we have a limitation, where the active MCN switch’s/toggles the role of primary MCN during Change Management and Standby/Secondary MCN takes over. In this case, you need to perform Change Management once again with the .zip package on the active MCN for the packages or you can switch back to primary MCN by toggling the role of active MCN so that original primary MCN can take up the role for the OS components packages to be staged to other branches.

How does single step upgrade work in HA environment / deployment?

While performing single step upgrade in HA deployment, the role of the primary MCN and the Standby MCN is toggled. This is a limitation. If this happens, perform Change Management again with the .zip package on the active MCN. Alternatively, you can switch back to the primary MCN by toggling the role of the active MCN so that the original primary MCN can stage OS components packages to the branches.

Is single step upgrade support for ZTD to boot strap the appliances?

Yes, it can be used.

Can I use single step upgrade to upgrade my standalone WAN opt?


Can I use single step upgrade to upgrade standalone WANOP appliance deployed in 2 Box mode?

No. Only SD-WAN appliance part of two Box mode would be upgraded and not the WANOP standalone appliance.

210-SE LTE Platform Edition

What is the 210-SE LTE platform edition?

210-SE LTE platform is part of the NetScaler SD-WAN family supporting Standard Edition with Integrated LTE. It provides the capability to utilize the LTE radio on the appliance as another WAN link. It includes all the Standard Edition features such as, Path selection with quick adaptation, full link bonding, Routing, Firewall, Application centric policies, and centralized management.

How many LTE modems does it support?

The 210-SE LTE platforms support one integrated LTE modem.

What are the top use cases?

  1. Single Circuit Branches: 210-SE LTE is a great fit to start deploying at sites with only one existing circuit. Once deployed, the LTE could be utilized as a secondary or another active circuit for site with ease.

  2. Avoid External Modems: In existing networks with an external LTE modem, 210-SE LTE can consolidate both the SD-WAN and LTE modem into one device reducing the footprint.

  3. Use LTE as a backup link: An existing branch could augment the LTE connection provided by 210-SE LTE with existing circuits and act as a backup or standby link.

  4. Sites with no wired circuits available: In remote locations where you cannot get a wired WAN connection, you can quickly bring the site online and make it part of your rest of your network.

  5. Any remote site with the need for a wireless connection.

What are the supported bands?

210-SE LTE platforms are available in two variants to support the full global range of bands.

  • R1 (Region / Radio interface 1) supports LTE-A: B1-B5, B7, B8, B12, B13, B20, B25, B26, B29, B30, B41
  • R2 (Region / Radio interface 2) supports LTE-A: B1, B3, B5, B7, B8, B18, B19, B21, B28, B38-B41

When is platform be releasing?

The software release on the platform is released 9.3 version 5. It is also supported on future releases 10.0 version 2 and beyond.

What are countries that these models are qualified for at FCS?

Please check the 210-SE LTE-Selling-Guidelines on the SalesIQ for this information.

Which carriers are supported?

Please check the 210-SE LTE-Selling-Guidelines on the SalesIQ for this information.

How is this different compared to other LTE routers in the market?

The differentiation comes from the SD-WAN path selection capabilities. By employing packet-by-packet decisions, Citrix SD-WAN solution can fully bond the WAN links and enable a single flow to utilize all available bandwidth. The software also continuously monitors the network conditions for degradations and moves the traffic to utilize the best available link in real-time. When used as a primary link, the software can conserve the amount of bandwidth used by reducing overheads. When used as a backup, SD-WAN software ensures that the link is healthy and brings it into service when required based on business policies.

How is it different than the USB modems?

The USB modems used are primarily consumer grade with low reliability, minimal visibility into health of the link, and no long term supportability. In contrast, the 210-SE LTE utilizes an enterprise grade modem with high reliability, detailed visibility into network health, and long term software support.

Are dual LTE modems supported?

Yes, there is a variant of the platform to support dual modems in the future.

Is the new SD-WAN Orchestrator supported on the 210-SE LTE platform?

Yes. SD-WAN Orchestrator supports this platform when it is released.

Do these 210-SE LTE appliances have room to grow?

Yes. With upcoming software updates, these appliances can support up to 100 Mbps full duplex bandwidth. You can upgrade appliance with a software license.

Unable to log into Citrix Workspace Cloud after clicking the login tab in the Zero Touch Landing page of SD-WAN Center GUI?

  1. Turn on Allow pop-ups on the browser.
  2. Check if DNS is configured in SD-WAN Center and it has internet connectivity.

Is it mandatory to discover MCN and have working MCN before proceeding with ZTD service?

Yes. It is mandatory to have working MCN before proceeding with ZTD service

Is it mandatory to Import/create a new configuration file using Config Editor to proceed with ZTD Deployment?

Yes, it is mandatory to import or create a configuration file, if using software release version earlier than 9.3.4.

What if configuration file is empty in the Prepare New Site tab?

Check that MCN discovery is successful, and verify that SD-WAN Center and MCN certificates are synced. MCN management IP address is unreachable or changed after the discovery.

After Deploying a new Site using ZTD, where is the status displayed?

  1. You can navigate to the Pending Activation page to see the status for newly deployed site.
  2. After deploying a new site, you can go through the status by opening a link provided in email sent from the ZTD Cloud Services team.

Why does the **Activation page hang in waiting for installer state after deploying a new site?**

  1. This occurs when a Serial number for Device A but connected Device B is provided.
  2. This can also occur when agent is not installed or able to communicate with the Cloud Service.
  3. Log in to admin console and run ztd_diagnostics command for debugging.

Where can I access ZTD specific log files?

ZTD specific log files are available under the /home/sdwan/agent_logs directory

What needs to be done if you want to reuse the same appliance on a different Customer network or RMA deployment time?

  1. Perform Factory Reset.
  2. Delete the appliance from Activation History in SD-WAN Center.
  3. Activate the appliance again (with serial number and new configuration).

From ZTD perspective is there any difference in Factory shipped and RMA appliance?

No, there is no difference between factory shipped and RMA appliance.

Can a non-admin SD-WAN Center user perform ZTD?

Yes, if you are using a software release version higher than release 9.3.4.

Receiving Configuration version Mismatch error for a ZTD Deployed site?

This is a known issue with SD-WAN software release versions earlier than 9.3.4. You need to upgrade MCN to release 9.3.4 and above. Then, perform ZTD deployment after upgrade is complete.

ZTD is supported on which platforms?

ZTD is supported on 210, 210 LTE, 410, 1000, 2000, and 2100 standard edition platforms.

How does ZTD work on 210-LTE Platform, when Management interface is used to reach the Cloud Service?

The workflow is similar to the existing platforms that are supported for ZTD.

If Management Port was already connected and LTE Port needs to be used for Internet connectivity, what procedures are to be performed?

  1. If Management interface is configured with DHCP IP address (default option), unplug the Management port and restart the appliance.
  2. If Management interface is configured with Static IP address, modify the Management port to have DHCP IP address, apply the configuration, unplug the Management port, and restart the appliance.

What is the pre-requisite that needs to be followed when LTE Ports are used for Internet connectivity in 210-SE LTE appliance?

  1. Management Port should not be connected.
  2. For the Branch Site, Internet Service using LTE Interface should be additionally configured in Virtual WAN Configuration.
  3. SIM card with data connectivity should be available. After inserting the SIM card, 210-SE LTE appliance needs to be restarted.
  4. LTE Signal Coverage - LTE IP address assignment or status can be verified using SD-WAN CLI -> LTE - Help / Status.