Features Introduced in November 2023
Table of Contents
Features Introduced in November 2023
Learn what’s new in
Prisma SD-WAN
in November 2023.Learn about the new features introduced in
Prisma SD-WAN
in November
2023.Where Can I Use
This? | What Do I Need? |
|---|---|
|
|
Virtual Routing Forwarding for WAN Segmentation
Prisma SD-WAN supports Virtual Routing and Forwarding (VRFs) for WAN segmentation of application
traffic. Network segmentation will help achieve isolation of application traffic for
the same customer between different business units or customers who share the same
WAN infrastructure by carrying the segment identifier over the WAN overlay.
WAN Segments are first defined in global VRF profiles. These VRF profiles are then
bound to sites. After that, interfaces are configured with the appropriate VRF. When
traffic enters the interface, it only considers destinations with the same VRF
locally or across the fabric. If the traffic is destined to go across the fabric, it
gets automatically encapsulated with a unique identifier specific to that VRF. Once
the traffic reaches the remote ION, it can egress onto the VRF that is appropriately
configured.
SNMP-based Discovery for IoT
Prisma SD-WAN
supports the discovery of devices that are not directly
connected to the Prisma SD-WAN
branch ION devices by using SNMP (Simple Network
Management Protocol) to discover IoT devices within a branch network. The system uses LLDP (Link Layer Discovery Protocol) to identify
neighboring networking devices in a branch ION, launching an SNMP MIB to gather IP
address and MAC Address entries. SNMP discovery involves querying LLDP information
for IP and MAC address bindings, retrieving data from neighboring devices one by one
until it discovers all the IoT devices. The ION device transmits these discovered
bindings, alongside VLAN, subnet details, and so on, as Enhanced Application logs
(EAL) to Cortex Data Lake (CDL). IoT Security uses this information to enhance
visibility in its portal by identifying the devices.
Incident Dampening
You can now suppress incidents for a selected period of time using Incident Policies. With incident policy
rules, you can specify the dampening interval during which the system suppresses
events generated by resources during the specified period.
Layer 2 Switching Capabilities in ION 3200
Prisma SD-WAN
supports ION 3200 with Layer 2 switch. The
Layer 2 switch ports enable connecting multiple devices directly on the L2 LAN or
add downstream switches or Wireless Access Points (WAP).
Used-for-HA Capability on Layer 3 Interfaces
Generation One ION devices use the control port to exchange HA heartbeat
and manage the controller traffic between the active and the standby device. With
the introduction of used-for-HA (referred to as
Used-for-Control
in earlier releases) as a port type, the
NextGen ION devices such as the ION 1200-S, ION 3200, ION 5200, ION 9200 do not need
a dedicated controller port for the management services. The
used-for-HA
interface allows you to exchange HA heartbeat
and connect the standby device to the controller through the active ION device. You
can use the control interface to send management traffic like App Probe, NTP, SNMP,
RADIUS, and IPFIX. Support for
used-for-HA
capability is extended on
the main interface on all routed ports. This capability was available on SVI and
sub-interfaces in the previous release. Used for HA is supported on all the ION
devices. IPv6 BGP Support
Prisma SD-WAN
now supports IPv6 for BGP. 