Learn what’s new in Prisma SD-WAN in February 2024.
Learn about the new features introduced in Prisma SD-WAN in February
2024.
Where Can I Use
This?
What Do I Need?
Prisma SD-WAN
Prisma SD-WAN
Site Templates
Prisma SD-WAN supports creating bulk site configurations
that allow you to create tailored site templates that cater to your deployment
requirements, allowing you to efficiently deploy branches and data centers at scale.
A site template is a predefined blueprint containing a list of variables that
encompasses all the necessary configurations for creating fully operational sites
and devices. You can deploy multiple sites using an existing template, edit an
existing one, or create a new template to deploy sites.
Here's the workflow for creating site templates.
Site Templates are supported on Prisma SD-WAN Controller
version 6.3.2 and above and ION device software 5.6 and above.
Device Prestaging
You can pre-provision sites before an ION device is available to accelerate
the deployment. The device shell allows you to create elements, visualize the
network, and do simple configurations. If you don't have a physical device at the
time of deployment, a virtual configuration–device shell–is created associating a
device to a site which can be later assigned to a device.
DNS Reachability
Prisma SD-WAN has supported dynamic probing for TCP
applications when it detected 3-way handshake failures. The ION device generates
these dynamic probes to verify whether a destination service is up or down on that
path. If verified as down, the ION device avoids sending additional user requests
for the service on the specific path, while continuing to generate synthetic probes
to detect any change in service reachability.
Starting with Release 6.3.2, Prisma SD-WAN supports this
functionality for UDP DNS traffic along with DNS health visibility also.
Event Optimization
The following deprecated incident codes will no longer be emitted by the
controller:
APPLICATION_APP_UNREACHABLE
NETWORK_VPNBFD_DOWN
Disable Tunnel Reoptimization
Prisma SD-WAN will periodically check the latency by default
when multiple IP addresses or hosts are provided as part of the standard VPN
endpoint. If a destination has better latency, it forces a tunnel change
(config_change) to reoptimize the connection. As part of Release 6.3.2, users now
have the option to disable tunnel reoptimization. In this case, the tunnel
destination will change only if there is a failure.