Prisma SD-WAN Features Introduced in February 2020
Table of Contents
Expand all | Collapse all
-
-
- Prisma SD-WAN Features Introduced in October 2020
- Prisma SD-WAN Features Introduced in July 2020
- Prisma SD-WAN Features Introduced in May 2020
- Prisma SD-WAN Features Introduced in April 2020
- Prisma SD-WAN Features Introduced in March 2020
- Prisma SD-WAN Features Introduced in February 2020
- Prisma SD-WAN Features Introduced in January 2020
Prisma SD-WAN Features Introduced in February 2020
Learn what’s new in Prisma SD-WAN in February 2020.
Feature | Description |
---|---|
NAT Policy Configuration | Prisma SD-WAN introduces NAT policy configuration
through the portal, enabling translation of public and private IP
addresses to ensure privacy of internal networks connected to public
or private networks, including reuse of the same IP address or mapping
of multiple IP addresses to a single IP address. By default, Prisma SD-WAN
provides an out-of-the-box configuration that automatically performs Source
NAT for traffic that is destined directly to public internet interfaces.
In scenarios where more specific configuration is required, Prisma
SD-WAN enables granular NAT control for a variety of use cases.
NAT policies apply only to branch ION devices. They are configured
through NAT policy sets that are attached to sites and contain NAT
policy rules and actions. Prior to configuring NAT, review the migration
considerations included in the NAT Policy Guide. Device Software Version
Required: 5.2.1 and later |
Virtual Interface for Enhanced Redundancy | Prisma SD-WAN enables the creation of a virtual
interface by combining two controller ports or two non-controller
ports for port and cable-level redundancy. If a port malfunctions,
the interface will continue to be accessible through the redundant
port. Note that a virtual interface cannot be created by combining
a controller and a non-controller port. A virtual interface cannot
be created on an interface that is a sub-interface, is part of a
virtual interface such as a bypass pair, contains PPPoE or static
or dynamic IP configuration, or has the option Use this Port For
configured for internet, private WAN, or LAN. Both, Use this Port
For and Circuit Label fields, should be left empty for the interface
to be eligible for configuration as a virtual member interface. Device
Software Version Required: 5.2.1 and later |
VPN-to-VPN Traffic | Prisma SD-WAN enables the forcing of VPN-to-VPN
traffic to the local next hop in the Data Center. When configuring
a data center device, toggle the option Force VPN-to-VPN Traffic
to Local Next Hop to Yes to force traffic from one branch site to another
to the local next hop within a data center site. By default, the
option Force VPN-to-VPN Traffic to Local Next Hop is toggled to
No. Device Software Version Required: 5.2.1 and later |
Branch-Site LAN BGP Routing | LAN-side routing now can be enabled on a branch
site. The branch ION device, in conjunction with the L3 device,
participates in routing as follows:
Device Software Version Required:
5.2.1 and later |
Enhanced Filtering in Activity Charts | Prisma SD-WAN provides improved capability
to search application definitions by name or domain, port number,
L3 or L4 protocols, prefix filters, or transfer types. With improved
search capability, it is now possible to find applications of interest with
ease. For example: Filter all applications that match port 80. This
helps with locating and managing applications. In addition, it can
be used to confirm if any application definitions are being referenced
explicitly in a policy set and if the policy sets are used at a
site. |
DHCP Option 60 | Prisma SD-WAN supports Vendor Class Identifier
(VCI) or option 60 for a DHCP Server. A DHCP client sends an option
code 60 (VCI) in its communication with the DHCP server. On receiving
option 60 or VCI, the DHCP server matches the received VCI with
a VCI from its own table. It then returns a value corresponding
to the VCI to the DHCP client. Option 60 or VCI can be configured
by selecting Vendor Class ID under Custom Options. For Vendor Class
ID, enter a VCI value. Enter definition and corresponding values
for Definition and Value fields. The table shows the data types supported
for definitions and values. Device Software Version Required:
5.2.1 and later |
Path of Last Resort Option per Path Policy
Rule | If all active and backup paths are down, the
L3 failure path, if configured, will be used as a path of last resort.
Device Software Version Required: 5.2.1 and
later |
Custom Application Definition Options | Prisma SD-WAN introduces additional Custom
Application definition options that include the ability to configure
source-based prefix filters for TCP applications and the ability
to flag an application as a network scan application.
Device Software Version Required:
5.2.1 and later |
Device Toolkit Access through the Portal | Prisma SD-WAN now enables remote access to
the device toolkit from the Prisma SD-WAN portal. Note that the
ION device must be claimed and online in order to access the device
toolkit. In addition, only users with Root, Administrator, Super, Network
Administrator, Security Administrator, or View Only permissions
can access the Device Toolkit. Through Map Claimed Devices Map Sites |
Enhancements in Application Definitions |
Device Software Version Required: 5.2.1
and later |