Features Introduced in SD-WAN Plugin 1.0

Features introduced in SD-WAN Plugin 1.0 releases.
Our SD-WAN subscription integrates with PAN-OS to provide intelligent, dynamic path selection on top of the industry leading security that PAN-OS software already delivers. Secure SD-WAN provides the optimal end-user experience by leveraging multiple ISP links to ensure application performance and scale capacity. For upgrade and downgrade considerations and for specific information about the upgrade path, refer to the SD-WAN 1.0 Administrator’s Guide. The administrator’s guide also provides additional information about how to use the SD-WAN plugin features in this release.
Some features of SD-WAN require the Panorama management server.

What’s New in SD-WAN Plugin 1.0.4

Key feature introduced with the SD-WAN plugin 1.0.4 release:
New SD-WAN Feature
Description
Auto-VPN Configuration of Hub Priority for BGP Local Preference
(
PAN-OS 9.1.4 and later PAN-OS 9.1 releases, and SD-WAN plugin 1.0.4 and later 1.0 releases
) In an SD-WAN VPN cluster that has more than one hub, you must assign a priority value to each hub, which determines the primary hub to which branches direct traffic and the subsequent hub failover order. Panorama uses the hub priority to calculate a BGP local preference and pushes the local preference to the branches in the cluster. The branches use the local preference to select a route from multiple routes to the same destination.

What’s New in SD-WAN Plugin 1.0.3

Key feature introduced with the SD-WAN plugin 1.0.3 release:
New SD-WAN Feature
Description
Auto-VPN Configuration for Hub Behind NAT
(
PAN-OS 9.1.3 and later PAN-OS 9.1 releases, and SD-WAN plugin 1.0.3 and later 1.0 releases
) If you place your SD-WAN hub firewall behind a device performing NAT, you need a way to specify the IP address of that upstream device, which Auto VPN Configuration uses as the tunnel endpoint on the hub. When you add an SD-WAN hub to Panorama, you can now specify the IP address or FQDN of the upstream device performing NAT for the hub; Auto VPN uses the address as the tunnel endpoint for the hub.

What’s New in SD-WAN Plugin 1.0.2

Key features introduced with the SD-WAN plugin 1.0.2 release include:
New SD-WAN Features
Description
Branch Prefix Redistribution
(
PAN-OS 9.1.2-h1 and later PAN-OS 9.1 releases, and SD-WAN plugin 1.0.2 and later 1.0 releases
) Prior to these releases, branch firewalls automatically redistributed all non-public, connected routes to the hub. Beginning with PAN-OS 9.1.2-h1 and SD-WAN plugin 1.0.2, you can also redistribute any additional prefixes to the hub.
Automatic Security Policy Rule Allowing BGP
(
PAN-OS 9.1.2-h1 and later PAN-OS 9.1 releases, and SD-WAN plugin 1.0.2 and later 1.0 releases
) For ease of use, you can configure Panorama to automatically create a Security policy rule to allow BGP between branches and hubs.
IKE Preshared Key Refresh
(
PAN-OS 9.1.2-h1 and later PAN-OS 9.1 releases, and SD-WAN plugin 1.0.2 and later 1.0 releases
) Refresh the IKE preshared key that VPN cluster members use. This action is especially helpful if you have a mandate to refresh IKE keys periodically.
VPN Tunnel IP Address Ranges
(
PAN-OS 9.1.2-h1 and later PAN-OS 9.1 releases, and SD-WAN plugin 1.0.2 and later 1.0 releases
) Specify IP address ranges for Auto VPN configuration to assign to VPN tunnel endpoints to ensure that Auto VPN does not randomly select IP addresses that overlap with those your network uses.
PPPoE Authentication for SD-WAN Links
(
PAN-OS 9.1.2-h1 and later PAN-OS 9.1 releases, and SD-WAN plugin 1.0.2 and later 1.0 releases
) SD-WAN links can enable Point-to-Point Protocol over Ethernet (PPPoE) authentication for DSL links.
Panorama Job Descriptions
(
PAN-OS 9.1.2-h1 and later PAN-OS 9.1 releases, and SD-WAN plugin 1.0.2 and later 1.0 releases
) Panorama now displays additional information in the commit job description to identify the SD-WAN related jobs.
VPN Data Tunnel Support
(
PAN-OS 9.1.2-h1 and later PAN-OS 9.1 releases, and SD-WAN plugin 1.0.2 and later 1.0 releases
) You can now control access to the SD-WAN VPN data tunnel to specify how branch-to-hub traffic is sent (inside or outside the VPN tunnel). Enable or disable this feature from the
SD-WAN Interface Profile
.
DIA to MPLS Failover
(
PAN-OS 9.1.2-h1 and later PAN-OS 9.1 releases, and SD-WAN plugin 1.0.2 and later 1.0 releases
) Direct Internet Access (DIA) traffic can fail over to the hub through the MPLS link to take an alternate route to the internet.

What’s New in SD-WAN Plugin 1.0.1

Key features introduced with the SD-WAN plugin 1.0.1 release include:
New SD-WAN Features
Description
Improved Monitoring experience
Updated the
Panorama
SD-WAN
Monitoring
landing page to improve the usability of the data presented. Changes include:
  • Added a static line at the top to capture the number of clusters, hubs, and branches
  • Added tooltips to indicate what each of the cards means
  • Updated the card style
Ability to group HA peers
Improved the web interface with the option to display high availability (HA) peers consecutively when adding them as branch or hub devices to Panorama and to VPN clusters.
Improved filtering
Enabled ability to filter search items based on link-name type.

What’s New in SD-WAN Plugin 1.0.0

Key features introduced with the SD-WAN plugin 1.0.0 release include:
New SD-WAN Features
Description
Centralized Configuration Management
Leverage Panorama to manage your SD-WAN configuration for hub and branch locations, enabling you to reuse configurations across locations, reducing management requirements and operational overhead for your deployment.
Automatic VPN Topology Creation
VPN clusters simplify the creation of complex VPN topologies using logical groupings of branches and hubs to accelerate the configuration and deployment of secure communications between all locations.
Traffic Distribution
Take advantage of multiple ISP links to scale capacity and reduce costs. Path selection and brownout and blackout detection are per application to ensure the best performance and user experience for critical business applications. By default, you can achieve subsecond failover between paths, ensuring the best possible performance of applications.
Monitoring and Troubleshooting
Panorama provides complete operational awareness into your SD-WAN environment, including application performance, link performance, and path health using historical trend analysis tools.

Recommended For You