Citrix SD-WAN Orchestrator for On-premises 14.4

Release Notes for Citrix SD-WAN Orchestrator for On-premises 10.3 Release

This release notes document describes the enhancements and changes, fixed and known issues that exist for the Citrix SD-WAN Orchestrator for On-premises release 10.3.


This release notes document does not include security-related fixes. For a list of security-related fixes and advisories, see the Citrix security bulletin.

What’s New

The enhancements and changes that are available in release 10.3.

Configuration and Management

Dynamic Routing

From Citrix SD-WAN 11.3.1 release onwards, you can configure one router ID for the entire protocol and also one router ID per routing domain. With this enhancement, dynamic routing across multiple instances with different router IDs converges in a stable manner.

[ SDW-17097 ]

Retry staging

The Retry staging option is now available to reinitiate staging at the sites where the staging process has failed.

[ SDW-16538 ]

Custom application

The Enable Reporting check box is newly added for the IP Protocol-based custom applications. Now you can also view the IP protocol and domain name-based custom application-defined traffic under the Reports > Usage page. The custom application option is also added as a type under the Application quality configuration page.

[ SDW-10862 ]


Fallback configuration

Fallback configuration ensures that the appliance remains connected to the zero-touch deployment service if there is a link failure, configuration mismatch, or software mismatch. Fallback configuration is enabled by default on the appliances that have a default configuration profile. If the fallback configuration is disabled at a site, you can enable it through Citrix SD-WAN Orchestrator for On-premises.

[ SDW-13978 ]


You can now use the Appliance settings Flows section to perform the following actions:

  • Enable/disable Citrix Virtual WAN service
  • Restart dynamic routing
  • Enable/disable virtual paths
  • Enable/disable WAN links

[ SDW-13977 ]

Network Admin and Security Admin roles (Preview)

Citrix SD-WAN Orchestrator for On-premises supports the following roles:

  • Provider-Network-Admin: An administrator who can only view and edit the network-related information.
  • Provider-Security-Admin: An administrator who can only view and edit the security-related information.
  • Customer-Network-Admin: A customer administrator who can only view and edit network-related information.
  • Customer-Security-Admin: A customer administrator who can only view and edit security-related information.

[ SDW-13845 ]

Appliance Settings

You can now configure date and time, at the site level, through Citrix SD-WAN Orchestrator for On-premises. You can either configure the date and time manually or through an NTP server and also set the time zone.

[ SDW-13321 ]

Provider level support

Citrix SD-WAN Orchestrator for On-premises supports multitenancy. With the multitenancy feature, multiple customer accounts can be managed using a single Citrix SD-WAN Orchestrator for On-premises instance. You can have one of the following types of setups.

  • Provider managed setup: Customers consume a managed Citrix SD-WAN Orchestrator for On-premises service from Citrix partners using the multitenancy feature.

  • Customer managed setup: Customers manage their Citrix SD-WAN Orchestrator for On-premises as a self-managed service for their enterprise.

As part of provider managed setup support, the following capabilities are introduced:

  • Roles: The following provider level roles are added:
    • Provider-Master-Admin-All
    • Provider-Master-Admin-Tenant
    • Provider-Master-ReadOnly-All
  • Dashboard: A new UI page is added that provides a bird's-eye view of all the SD-WAN customers managed by a provider.
  • Connectivity with SD-WAN appliances: In a provider managed setup, only providers have the ability to enable authentication type and regenerate the Citrix SD-WAN Orchestrator for On-premises certificate. Customers have the ability to upload the appliance certificate.
  • Site profile templates and WAN link templates: The templates enable the creation of site profiles and WAN link profiles at a customer level.
  • Publish software: Citrix SD-WAN Orchestrator for On-premises allows provider administrators to download the Citrix SD-WAN appliance software version required for all the appliances in your network. Providers can publish the downloaded software version. The published software is downloaded and stored in Citrix SD-WAN Orchestrator for On-premises. Customer administrators can deploy the published software to all the appliances managed by Citrix SD-WAN Orchestrator for On-premises.
  • Administration: Provider administrators can configure management IP, DNS, NTP servers, and remote authentication servers.
  • Announcements: Providers can use the Announcements option to send out announcements or notifications to their customers.
  • Reports: The Provider Reports provide visibility into alerts, usage trends, and inventory aggregated across all the customers managed by a Provider.

[ SDW-12589 ]

Zero Touch Deployment - Batch Sites

You can now import a CSV file to add multiple sites simultaneously for Zero Touch Deployment. A sample template is available for download in the UI. Download it and provide all the site details.

[ SDW-12249 ]

Platform and systems

Site Reports: WAN Link Metering

The WAN Link Metering reports provide details about the metered WAN link usage. You can view the reports to get insights into the data consumption of the metered WAN links.

[ SDW-8892 ]

Known Issues

The issues that exist in release 10.3.

Configuration and Management

For In-band HA, the GUI does not have an option to select the direction of the Destination Rule with Service Type as Any, resulting in failure of outbound rules. The following error message is displayed: [EC818] At Site site-name: service type ‘any’ may not be used when direction is outbound.

[ SDW-16968 ]


Even though the customer administrator does not have access to delete the remote authentication servers, the GUI displays the delete icon. However, when the customer administrator tries to perform the delete operation, the following error is displayed:

User is not authorized to perform this operation

[ SDW-18945 ]

From the provider level Administration > Announcements page, if you choose a customer from the top menu bar, a blank page with Network Administration as the heading is displayed.

[ SDW-18944 ]

You cannot restore the database backup taken in a provider managed setup on a customer managed setup. Similarly, you cannot restore the database backup taken in a customer managed setup on a provider managed setup.

[ SDW-18904 ]

When a user with the customer-security-admin role, which has read-only access to the site configuration, tries to edit the configuration, a red banner with an error message is displayed instead of an unauthorized access message.

[ SDW-18840 ]

The licensing feature is not supported in the provider managed setup of Citrix SD-WAN Orchestrator for On-premises. Providers can continue with the trial licenses. A grace period of 60 days will be provided.

[ SDW-18831 ]

When an appliance loses connectivity to Citrix SD-WAN Orchestrator for On-premises for more than 20 minutes and goes into the re-registration phase, it sends an incorrect serial number in the registration request.

Workaround: Reboot the appliance.

[ SDW-18781 ]

After importing valid production entitlements, the Upgrade to production option is made available under Licensing even before the license is assigned to the appliance.

Workaround: Click Upgrade to Production only after the license is assigned to the appliance.

[ SDW-18721 ]

Network Address Translation (NAT) is not supported between Citrix SD-WAN Orchestrator for On-premises and the appliance.

[ SDW-18703 ]

In a provider managed setup, the announcements added by the provider administrators are not getting displayed to customers at their login.

[ SDW-18491 ]

The CLI allows users to create a password whose length is outside the allowed 8–128 range, but the GUI login fails if the password length is outside the allowed range.

Workaround: On logging into the GUI, the user is forced to change the length of the password to the allowed range.

[ SDW-16068 ]

When a user tries to log in, a red banner might display at the top of the page for a fraction of a second before displaying the login page.

[ SDW-16024 ]

When the database backup of an appliance is restored on another appliance having the same release of Citrix SD-WAN Orchestrator for On-premises, the user details are not restored. On the restored appliance, if you create a user with the same user name as in the backed-up database, the following error is displayed:

User has a role already assigned

Workaround: Create a user with a different user name that did not exist on the backed-up database.

[ SDW-15984 ]
