Learn the new features introduced in September 2021.
New Feature/Enhancement
Description
Integration with ADEM
The Autonomous Digital Experience
Monitoring (ADEM) for Remote Networks agent is delivered natively
from the Prisma SD-WAN 5.6.1 device. The ADEM for RN agent provides
visibility into cloud infrastructure performance, application performance
and user traffic monitoring. Analytics are viewed from the Prisma
Access ADEM portal.
Device Software Version Required:
5.6.1-b13 and later
New ION 1200 Series
Prisma SD-WAN introduces the next generation
ION 1200 series with integrated 5G and 4G cellular interfaces. The
base platform includes 4 LAN/WAN ethernet interfaces. For more information,
visit the Prisma SD-WAN.
Site Summary Dashboard
Prisma SD-WAN introduces a new site summary dashboard which
provides an information-rich display of branch related metrics.
These include new metrics such as network health as well as existing
network device and application metrics. Use the following new widgets
to view branch related metrics:
Site Health Overview
Devices
Top Events by Priority
Circuit Connectivity and Health
Application Utilization
Recent Site Audit Logs
TCP Connection Stats
Top Media Audio Performance
Event Engine
Prisma SD-WAN supports a new event correlation
alarm for standard VPNs. The ION devices raise the DEVICEHW_INTERFACE_DOWN alarm
for service endpoint level issues which occur when a service link
to a single endpoint goes down.
Starting with Release 5.6.1,
when the ION device raises the DEVICEHW_INTERFACE_DOWN alarm
for at least two standard VPN interfaces to the same service endpoint
IP address, the controller raises the NETWORK_STANDARD_VPN_ENDPOINT_DOWNsummary alarm while suppressing
the contributing alarms.
Enhanced Path Selection
Prisma SD-WAN supports Link Quality Monitoring (LQM) based
path selection for all path types. The ION device aggregates the
overlay LQM values between branches and data centers to compute
the final LQM value for the internet underlay circuit or other required
paths.
Configure the internet underlay link quality aggregation for
link quality monitoring of one or more data centers.
Device
Software Version Required: 5.6.1 and later
Stacked Security Policies
Prisma SD-WAN supports stacked security policies to
translate business security requirements into configurable security
policy rules that determine connectivity and secure access. In addition
to existing match criteria supported in Original Security Policies,
stacked security policies will also include in-rule port and protocol
match without the need to create an application definition.
To
enhance the visibility of rule effectiveness both global and site
level time series hit counters are available per-rule. To facilitate
seamless migration from Original Security Policies, a clone function
is available which will also include the prefix filters if applicable.
Device
Software Version Required: 5.6.1 and later
Syslog Enhancements
Syslog
over TLS
Syslog Profiles
Prisma SD-WAN supports exporting of data
via syslog over TLS. You can
use the same syslog profile configuration across multiple ION devices.
Create a syslog profile from the Prisma SD-WAN web interface to
forward the collector logs as syslog messages to a syslog server.
Device
Software Version Required: 5.6.1 and later
Enhanced Device to Controller Connection Visibility
Prisma SD-WAN branch ION devices support multicast routing for
LAN interfaces. A branch ION device supports multicast on a maximum
of 31 PIM interfaces, including VLAN sub-interfaces.
Configure
multicast routing from Select the deviceRoutingMulticast.
Device
Software Version Required: 5.6.1 and later
Cellular Telemetry
Prisma SD-WAN supports telemetry and statistics
for cellular ION devices. The Activity screen
now includes the Cellular tab which displays
statistical information on signal strength and statistics, traffic
volume, technology and bandwidth usage, packet information, GPS
location, and cellular tower switch information for cellular devices.
View
the cellular module telemetry on the Prisma SD-WAN web interface
to understand the cellular signal strength.
You will
need an ION device 1200 along with device software version 5.6.1.
ION Device FIPS Mode Enablement
FIPS certification
is in review.
Starting with Prisma SD-WAN Release 5.6.1, you can toggle between non-FIPS to FIPS
mode for the supported ION devices from the Prisma SD-WAN web interface (controller). When you
enable FIPS mode, all cryptographic security parameters (CSPs),
including the CIC certificate, are cleared and the device is
rebooted. After reboot, the device comes up in FIPS approved mode of
operation with a new CIC provisioned by the controller and FIPS
functionality enabled on the device.
Enable
the FIPS mode on the Prisma SD-WAN web interface as shown in the
image.
Supported devices in Release 5.6.1 are ION 1200, ION 1200-C-NA/ROW, and ION
1200-C5G-WW.
FIPS
is not supported on other models, irrespective of the software version
installed on the device.