Citrix SD-WAN

Citrix SD-WAN 10.2.4 Release Notes

Introduction

This release note describes what’s new, fixed issues, and known issues applicable to Citrix SD-WAN software release 10.2 version 4 for the SD-WAN Standard Edition, WANOP, Premium Edition appliances, and SD-WAN Center.

For information about the previous release versions, see the Citrix SD-WAN documentation on docs.citrix.com.

What’s New

Keep Keystore Open

In Citrix SD-WAN release 10.2.4 for WANOP and PE editions, a new option to always keep the keystore open is introduced. You can choose the Keep Keystore Open option and enter a keystore password key. The user-provided keystore password is encrypted using the password key. The encryption algorithm used is AES CBC 256. Whenever the system reboots, the system decrypts the encrypted keystore password using the password key and uses it to open the keystore. This ensures that the keystore password is secure and the keystore remains open whenever the system reboots.

Fixed Issues

SDWANHELP-736: SD-WAN service might be interrupted during the configuration change in a Two-Box deployment mode.

SDWANHELP-748: The license does not get applied on multiple sites.

SDWANHELP-786: A path on a WAN link that is enabled with public IP address learning might go dead after a configuration change to enable UDP hole punching on the WAN link.

SDWANHELP-779: SD-WAN package upgrade traffic is slow and does not handle Out of Order packets in the network optimally.

SDWANHELP-831: Upon power cycling 210 appliances, FTW relay controller might fail to initialize, which can lead to the relay stay in closed state if configured in serial high availability (FTW) mode.

SDWANHELP-852: In few cases, when customer network has a routing loop, SD-WAN internal data structures might get corrupted causing packet drops.

SDWANHELP-854: Under rare circumstances, if invalid packets are received, the system might restart. This issue might occur if path encryption was disabled from its default enabled state.

SDWANHELP-896: In some deployments with Dynamic Virtual Paths or short Security Association (SA) lifetimes where SAs are being created and destroyed frequently, a service interrupting error might occur.

SDWANHELP-899: A possible race condition is addressed that in rule configuration update which might sometimes cause data path interruption.

SDWANHELP-901: If the system has high availability and got lot of virtual path then you might miss syncing the routes to the peers, whenever lot of route update events are available from the other peers.

SDWANHELP-914: Unable to apply settings when adding a path to schedule bandwidth tests for it.

SDWANHELP-916: At times, service hangs when the configuration is updated.

SDWANHELP-919: Under heavy load and a high arrival rate of Time-to-live (TTL) expiry packets, the service might crash if a filter is applied under Monitoring > > Flows. This would cause a High Availability (HA) switchover in HA deployment.

SDWANHELP-934: We send out the Address Resolution Protocol (ARP) request (which must not be sent out) if:

  • The Virtual Router Redundancy Protocol (VRRP) instance is in disabled state.
  • The Address Resolution Protocol (ARP) request of Gratuitous ARP (GARP) received from the peer router.

This issue occurs when the VRRP is configured and the instance is disabled.

SDWANHELP-941: During configuration update we might miss resetting the virtual path change event and might result in this bug where we won’t bring down the routes even when the corresponding virtual path goes down.

SDWANHELP-945: In Configuration Editor, if you click Audit for the BGP section takes you to the OSPF section even when OSPF is not configured.

SDWANHELP-947: Usage reported for a metered link is abnormally high.

SDWANHELP-978: LTE modem can go missing upon rebooting the SD-WAN 210 appliances. This is an intermittent issue where a power cycle must bring the modem back up online.

SDWANHELP-981: Automated Azure Virtual WAN deployment via SD-WAN Center was unable to download and apply VPN configuration and associated routes.

NSSDW-21034: PPPoE packet-level debug log of session establishment is removed that might cause disk utilization when session is failing to establish continuously.

Known Issues

There are no known issues found in Citrix SD-WAN release 10.2 version 4.

Citrix SD-WAN 10.2.4 Release Notes