Preview of Features Introduced in April 2024
Table of Contents
Expand All
|
Collapse All
Prisma SD-WAN Docs
-
-
-
-
- AWS Transit Gateway
- Azure vWAN
- Azure vWAN with vION
- ChatBot for MS Teams
- ChatBot for Slack
- CloudBlades Integration with Prisma Access
- GCP NCC
- Service Now
- Zoom QSS
- Zscaler Internet Access
-
-
- ION 5.2
- ION 5.3
- ION 5.4
- ION 5.5
- ION 5.6
- ION 6.0
- ION 6.1
- ION 6.2
- ION 6.3
- ION 6.4
- New Features Guide
- On-Premises Controller
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
- Prisma SD-WAN CloudBlades
Preview of Features Introduced in April 2024
Here's a preview of what’s new in Prisma SD-WAN in April 2024.
Here's a preview of the new features introduced in Prisma SD-WAN in April
2024.
Where Can I Use This? | What Do I Need? |
---|---|
|
|
App SLA Assurance Enhancements
Measuring application performance and delivering App SLAs is a core
component of Prisma SD-WAN. Performance Policy builds upon the
existing App SLA configuration to deliver a policy framework for the measurement,
enforcement, and alerts for application SLAs. With this release, the performance
policy feature includes the following enhancements:
- Packet DuplicationIn addition to Forward Error Correction, Prisma SD-WAN now supports replication of an application session across up to three VPN paths simultaneously, ensuring consistent and optimized application experiences for end users. Packet Duplication assures the delivery of packets for critical applications, even when all underlay paths are degraded beyond application SLA. Packet Duplication is configured in the performance policy, where it is an additional action within the policy, selectable on a per-app and/or per-path basis. Leveraging this capability requires explicit selection of all paths onto which packets will be duplicated (secondary/alternate paths) and duplicated by the (primary path).
- Service Health ProbesPrisma SD-WAN now supports always-on probing to measure key metrics such as round trip latency, packet loss, and jitter to any ICMP/DNS/HTTP/HTTPS service across any transport (Direct, Fabric, Standard VPN). The results are available to the user and they can also be used to make path selection decisions with precise control using performance policy. Additionally, the same application health probes can be used by the system to determine the L3 Reachability.
- Incidents for System & Site Health MetricsIn addition to Incidents for link and application health metrics, Prisma SD-WAN now supports the ability to generate incidents for critical system metrics such as CPU Utilization, Memory Utilization, Disk Utilization, and Concurrent Flow table usage as well as Circuit Utilization.
Branch Gateway
Prisma SD-WAN offers two types of site configurations —
branch sites and data center sites. There may be situations where the services
provided by a given location do not fit cleanly into either of these configurations.
To maximize the flexibility of the system, Prisma SD-WAN offers a new
hybrid site type — Branch Gateway. The Branch Gateway provides the policy transit
and LQM server capabilities of a data center site along with the visibility and path
selection of a branch site. You can enable the branch gateway functionality on an
existing branch site in the control mode using a site level configuration setting.
Upon enabling the Branch Gateway mode, VPN tunnels will automatically form to each
branch site in the domain.
Support for OSPF
Prisma SD-WAN supports Open Shortest Path First (OSPF), an
interior gateway protocol (IGP) most often used to perform prefix distribution in
large enterprise networks dynamically. OSPF determines routes dynamically by
obtaining information from other routers and advertising routes to other routers
through Link State Advertisements (LSA). Prisma SD-WAN supports the
OSPF routing protocols with the L3 switches towards the branch sites and switches
and routers in the 'Aggregation Layer' at the campus and data center sites.
SDDC — Megaport (VFF)
The latest update of Prisma SD-WAN brings an exciting new
feature: SR-IOV support for the Intel XL710 Ethernet Network Adapter. This support
is available for all hypervisors on vION (Virtual ION) and offers users a range of
benefits.
Simply put, SR-IOV is a hardware specification and technology that enables
a single device, such as a Peripheral Component Interconnect Express (PCIe) NIC, to
be shared among multiple virtual machines (VMs). This significantly reduces the
overhead associated with I/O virtualization, leading to improved performance,
reduced CPU utilization, enhanced security, and efficient resource utilization.
Prisma SD-WAN's SR-IOV support allows users to enjoy faster
and more efficient data processing, leading to better overall performance.
Additionally, users can benefit from enhanced security, as multiple VMs can share a
single device without compromising the integrity of the data. Moreover, reducing CPU
utilization leads to more efficient resource utilization and significant business
cost savings.
Site Template Enhancements
Prisma SD-WAN
Site Templates now supports JINJA
conditional statements, offering users enhanced flexibility in their deployments.
Users can execute different actions based on site data, streamlining the deployment
process.
Standard VPN Enhancements for DC to DC
Prisma SD-WAN now supports a standard VPN tunnel
configuration option that controls IKE initiator & responder behavior. This is
useful in many scenarios including establishing DC to DC ION tunnels when one or
both sides are behind a NAT device.
Improved Incident Management
Prisma SD-WAN now supports clickable impacted objects to
help navigate to the appropriate impacted incident name, enhancing the incident's
debuggability. You can now select more than one incident for bulk acknowledgement or
unacknowledgement.
Subscription Usage Visibility Enhancements
The enhancements to Prisma SD-WAN Subscription Usage provide
administrators access to comprehensive visibility on both site and tenant bandwidth
consumption. This capability allows administrators to effectively monitor their
bandwidth usage, facilitate the tracking and trending of monthly bandwidth
utilization across all branch sites to ensure compliance with licensing agreements.
VRF- Support for Standard VPN, NTP, Syslog, and SNMP
Prisma SD-WAN now offers Standard VPN support to the
existing VRF functionality. You can quickly put a standard VPN in any VRF (for
example, Guest), and you can redirect the traffic part of this VRF to the standard
VPN with simple path policies.
If all the user traffic from the different VRFs needs to go over the
Standard VPN, a route leak can be configured for basic L3 reachability. Then, you
can use path policies for traffic engineering.
Support for Additional App IDs
Prisma SD-WAN now supports over 4,000 system defined
application IDs.
Support for Configurable L3 Reachability Probes
Prisma SD-WAN supports Layer 3 reachability probing across
different circuits to verify the reachability of internet services using a
predefined set of probes. The new configurable service health probes used to verify
application and link performance can now be optionally used to determine the L3
service status of a circuit.
SVI—Operational Enhancements
Prisma SD-WAN introduces a configuration feature named
SVI Autostate. With this feature, the behavior of the SVI (Switched
Virtual Interface) state (up/down) can be configured to remain up when all VLAN
member ports are down or to be brought down if all member ports are down.
Support for Auto-APN
Auto APN supports all major carriers in countries such as USA, Canada, Qatar,
Australia, and JAPAC region.