Features Introduced in Prisma SD-WAN ION Release 6.4
Focus
Focus

Features Introduced in Prisma SD-WAN ION Release 6.4

Table of Contents

Features Introduced in Prisma SD-WAN ION Release 6.4

Learn about the features introduced in Prisma SD-WAN ION Release 6.4.
Where Can I Use This?What Do I Need?
  • Prisma SD-WAN
  • Prisma SD-WAN
Learn about the features introduced in Prisma SD-WAN ION Release 6.4.

Features Introduced in Prisma SD-WAN Release 6.4.2

Learn about the features introduced in Prisma SD-WAN ION Release 6.4.2

SASE Easy Onboarding Enhancements

With easy onboarding, effortlessly connect your Prisma SD-WAN sites to Prisma Access using the streamlined onboarding process. As part of the enhancements to easy onboarding, Prisma SD-WAN now provides:
  • Support for Easy Onboarding using site templates
  • Support for automated BGP configuration with different deployment modes
  • Support for Prisma Access region redundancy
  • Support for IPSec profile changes

App Assurance Enhancements: Best Path Selection

Application SLAs enable Prisma SD-WAN to select paths that meet the network and application performance requirements of applications. With Best Path selection the absolute lowest path, based upon Link Quality Monitoring or Probe Metrics, can be selected using path policy, providing the best user experience for applications that are extra sensitive to Latency, Loss, or Jitter.
You will need a device software version 6.4.2 or higher to use this feature.

Expanded System Applications

With the introduction of over 4,000 system applications, any custom application with an identical name to the system application will have '-custom' or '-cm' appended to it.

Enhancements to Subscription Usage

Enhanced consumption visibility with the Top Application Usage During Peak Utilization chart, offering insights into the top 10 application usage during the peak consumption period for each branch on a monthly basis.

IPv6 Enhancements for NAT and ULA

Prisma SD-WAN now supports a unique local address (ULA), IPv6 address in the address range fd00::/7 for LAN interfaces. Prisma SD-WANsupports this only for Direct on Any Public or Private or Prisma SD-WAN on Any Public or Private paths in the active paths in the default path policy.
Prisma SD-WAN supports IPv6 NAT (NAT66 and NAT64) for Direct Internet Access (DIA) traffic.
You will need a device software version 6.4.2 or higher to use this feature.

Filtering for All Incidents and Alerts

Prisma SD-WAN introduces a significant update—the ability to select All Incidents and All Alerts on the policy rules. This feature enhances your control and management capabilities.

Features Introduced in Prisma SD-WAN Release 6.4.1

Learn about the features introduced in Prisma SD-WAN ION Release 6.4.1

App SLA Assurance Enhancements

Measuring application performance and delivering App SLAs is a core component of Prisma SD-WAN. Performance Policy builds upon the existing App SLA configuration to deliver a policy framework for the measurement, enforcement, and alerts for application SLAs. With this release, the performance policy feature includes the following enhancements:
  • Packet Duplication
    In addition to Forward Error Correction, Prisma SD-WAN now supports replication of an application session across up to three VPN paths simultaneously, ensuring consistent and optimized application experiences for end users. Packet Duplication assures the delivery of packets for critical applications, even when all underlay paths are degraded beyond application SLA. Packet Duplication is configured in the performance policy, where it is an additional action within the policy, selectable on a per-app and/or per-path basis. Leveraging this capability requires explicit selection of all paths onto which packets will be duplicated (secondary/alternate paths) and duplicated by the (primary path).
  • Service Health Probes
    Prisma SD-WAN now supports always-on probing to measure key metrics such as round trip latency, packet loss, and jitter to any ICMP/DNS/HTTP/HTTPS service across any transport (Direct, Fabric, Standard VPN). The results are available to the user and they can also be used to make path selection decisions with precise control using performance policy. Additionally, the same application health probes can be used by the system to determine the L3 Reachability.
  • Incidents for System & Site Health Metrics
    In addition to Incidents for link and application health metrics, Prisma SD-WAN now supports the ability to generate incidents for critical system metrics such as CPU Utilization, Memory Utilization, Disk Utilization, and Concurrent Flow table usage as well as Circuit Utilization.

Branch Gateway

Prisma SD-WAN offers two types of site configurations — branch sites and data center sites. There may be situations where the services provided by a given location do not fit cleanly into either of these configurations. To maximize the flexibility of the system, Prisma SD-WAN offers a new hybrid site type — Branch Gateway. The Branch Gateway provides the policy transit and LQM server capabilities of a data center site along with the visibility and path selection of a branch site. You can enable the branch gateway functionality on an existing branch site in the control mode using a site level configuration setting. Upon enabling the Branch Gateway mode, VPN tunnels will automatically form to each branch site in the domain.

Support for OSPF

Prisma SD-WAN supports Open Shortest Path First (OSPF), an interior gateway protocol (IGP) most often used to perform prefix distribution in large enterprise networks dynamically. OSPF determines routes dynamically by obtaining information from other routers and advertising routes to other routers through Link State Advertisements (LSA). Prisma SD-WAN supports the OSPF routing protocols with the L3 switches towards the branch sites and switches and routers in the 'Aggregation Layer' at the campus and data center sites.

SDDC — Megaport (VFF)

The latest update of Prisma SD-WAN brings an exciting new feature: SR-IOV support for the Intel XL710 Ethernet Network Adapter. This support is available for all hypervisors on vION (Virtual ION) and offers users a range of benefits.
Simply put, SR-IOV is a hardware specification and technology that enables a single device, such as a Peripheral Component Interconnect Express (PCIe) NIC, to be shared among multiple virtual machines (VMs). This significantly reduces the overhead associated with I/O virtualization, leading to improved performance, reduced CPU utilization, enhanced security, and efficient resource utilization.
Prisma SD-WAN's SR-IOV support allows users to enjoy faster and more efficient data processing, leading to better overall performance. Additionally, users can benefit from enhanced security, as multiple VMs can share a single device without compromising the integrity of the data. Moreover, reducing CPU utilization leads to more efficient resource utilization and significant business cost savings.

Site Template Enhancements

Prisma SD-WAN Site Templates now supports JINJA conditional statements, offering users enhanced flexibility in their deployments. Users can execute different actions based on site data, streamlining the deployment process.

Standard VPN Enhancements for DC to DC

Prisma SD-WAN now supports a standard VPN tunnel configuration option that controls IKE initiator & responder behavior. This is useful in many scenarios including establishing DC to DC ION tunnels when one or both sides are behind a NAT device.

Improved Incident Management

Prisma SD-WAN now supports clickable impacted objects to help navigate to the appropriate impacted incident name, enhancing the incident's debuggability. You can now select more than one incident for bulk acknowledgement or unacknowledgement.

Subscription Usage Visibility Enhancements

The enhancements to Prisma SD-WAN Subscription Usage provide administrators access to comprehensive visibility on both site and tenant bandwidth consumption. This capability allows administrators to effectively monitor their bandwidth usage, facilitate the tracking and trending of monthly bandwidth utilization across all branch sites to ensure compliance with licensing agreements.

VRF- Support for Standard VPN, NTP, Syslog, and SNMP

Prisma SD-WAN now offers Standard VPN support to the existing VRF functionality. You can quickly put a standard VPN in any VRF (for example, Guest), and you can redirect the traffic part of this VRF to the standard VPN with simple path policies.
If all the user traffic from the different VRFs needs to go over the Standard VPN, a route leak can be configured for basic L3 reachability. Then, you can use path policies for traffic engineering.

Support for Additional App IDs

Prisma SD-WAN now supports over 4,000 system defined application IDs.

Support for Configurable L3 Reachability Probes

Prisma SD-WAN supports Layer 3 reachability probing across different circuits to verify the reachability of internet services using a predefined set of probes. The new configurable service health probes used to verify application and link performance can now be optionally used to determine the L3 service status of a circuit.

SVI—Operational Enhancements

Prisma SD-WAN introduces a configuration feature named SVI Autostate. With this feature, the behavior of the SVI (Switched Virtual Interface) state (up/down) can be configured to remain up when all VLAN member ports are down or to be brought down if all member ports are down.

Support for Auto-APN

Auto APN supports all major carriers in countries such as USA, Canada, Qatar, Australia, and JAPAC region.