: Preview of Features Introduced in April 2024
Focus
Focus

Preview of Features Introduced in April 2024

Table of Contents

Preview of Features Introduced in April 2024

Here's a preview of what’s new in Prisma SD-WAN in April 2024.
Here's a preview of the new features introduced in Prisma SD-WAN in April 2024.
Where Can I Use This?What Do I Need?
  • Prisma SD-WAN
  • Prisma SD-WAN

App SLA Assurance Enhancements

Measuring application performance and delivering App SLAs is a core component of Prisma SD-WAN. Performance Policy builds upon the existing App SLA configuration to deliver a policy framework for the measurement, enforcement, and alerts for application SLAs. With this release, the performance policy feature includes the following enhancements:
  • Packet Duplication
    In addition to Forward Error Correction, Prisma SD-WAN now supports replication of an application session across up to three VPN paths simultaneously, ensuring consistent and optimized application experiences for end users. Packet Duplication assures the delivery of packets for critical applications, even when all underlay paths are degraded beyond application SLA. Packet Duplication is configured in the performance policy, where it is an additional action within the policy, selectable on a per-app and/or per-path basis. Leveraging this capability requires explicit selection of all paths onto which packets will be duplicated (secondary/alternate paths) and duplicated by the (primary path).
  • Service Health Probes
    Prisma SD-WAN now supports always-on probing to measure key metrics such as round trip latency, packet loss, and jitter to any ICMP/DNS/HTTP/HTTPS service across any transport (Direct, Fabric, Standard VPN). The results are available to the user and they can also be used to make path selection decisions with precise control using performance policy. Additionally, the same application health probes can be used by the system to determine the L3 Reachability.
  • Incidents for System & Site Health Metrics
    In addition to Incidents for link and application health metrics, Prisma SD-WAN now supports the ability to generate incidents for critical system metrics such as CPU Utilization, Memory Utilization, Disk Utilization, and Concurrent Flow table usage as well as Circuit Utilization.

Branch Gateway

Prisma SD-WAN offers two types of site configurations — branch sites and data center sites. There may be situations where the services provided by a given location do not fit cleanly into either of these configurations. To maximize the flexibility of the system, Prisma SD-WAN offers a new hybrid site type — Branch Gateway. The Branch Gateway provides the policy transit and LQM server capabilities of a data center site along with the visibility and path selection of a branch site. You can enable the branch gateway functionality on an existing branch site in the control mode using a site level configuration setting. Upon enabling the Branch Gateway mode, VPN tunnels will automatically form to each branch site in the domain.

Support for OSPF

Prisma SD-WAN supports Open Shortest Path First (OSPF), an interior gateway protocol (IGP) most often used to perform prefix distribution in large enterprise networks dynamically. OSPF determines routes dynamically by obtaining information from other routers and advertising routes to other routers through Link State Advertisements (LSA). Prisma SD-WAN supports the OSPF routing protocols with the L3 switches towards the branch sites and switches and routers in the 'Aggregation Layer' at the campus and data center sites.

SDDC — Megaport (VFF)

The latest update of Prisma SD-WAN brings an exciting new feature: SR-IOV support for the Intel XL710 Ethernet Network Adapter. This support is available for all hypervisors on vION (Virtual ION) and offers users a range of benefits.
Simply put, SR-IOV is a hardware specification and technology that enables a single device, such as a Peripheral Component Interconnect Express (PCIe) NIC, to be shared among multiple virtual machines (VMs). This significantly reduces the overhead associated with I/O virtualization, leading to improved performance, reduced CPU utilization, enhanced security, and efficient resource utilization.
Prisma SD-WAN's SR-IOV support allows users to enjoy faster and more efficient data processing, leading to better overall performance. Additionally, users can benefit from enhanced security, as multiple VMs can share a single device without compromising the integrity of the data. Moreover, reducing CPU utilization leads to more efficient resource utilization and significant business cost savings.

Site Template Enhancements

Prisma SD-WAN Site Templates now supports JINJA conditional statements, offering users enhanced flexibility in their deployments. Users can execute different actions based on site data, streamlining the deployment process.

Standard VPN Enhancements for DC to DC

Prisma SD-WAN now supports a standard VPN tunnel configuration option that controls IKE initiator & responder behavior. This is useful in many scenarios including establishing DC to DC ION tunnels when one or both sides are behind a NAT device.

Improved Incident Management

Prisma SD-WAN now supports clickable impacted objects to help navigate to the appropriate impacted incident name, enhancing the incident's debuggability. You can now select more than one incident for bulk acknowledgement or unacknowledgement.

Subscription Usage Visibility Enhancements

The enhancements to Prisma SD-WAN Subscription Usage provide administrators access to comprehensive visibility on both site and tenant bandwidth consumption. This capability allows administrators to effectively monitor their bandwidth usage, facilitate the tracking and trending of monthly bandwidth utilization across all branch sites to ensure compliance with licensing agreements.

VRF- Support for Standard VPN, NTP, Syslog, and SNMP

Prisma SD-WAN now offers Standard VPN support to the existing VRF functionality. You can quickly put a standard VPN in any VRF (for example, Guest), and you can redirect the traffic part of this VRF to the standard VPN with simple path policies.
If all the user traffic from the different VRFs needs to go over the Standard VPN, a route leak can be configured for basic L3 reachability. Then, you can use path policies for traffic engineering.

Support for Additional App IDs

Prisma SD-WAN now supports over 4,000 system defined application IDs.

Support for Configurable L3 Reachability Probes

Prisma SD-WAN supports Layer 3 reachability probing across different circuits to verify the reachability of internet services using a predefined set of probes. The new configurable service health probes used to verify application and link performance can now be optionally used to determine the L3 service status of a circuit.

SVI—Operational Enhancements

Prisma SD-WAN introduces a configuration feature named SVI Autostate. With this feature, the behavior of the SVI (Switched Virtual Interface) state (up/down) can be configured to remain up when all VLAN member ports are down or to be brought down if all member ports are down.

Support for Auto-APN

Auto APN supports all major carriers in countries such as USA, Canada, Qatar, Australia, and JAPAC region.