Features Introduced in SD-WAN Plugin 1.0.2

Community Team Member

Palo Alto Networks SD-WAN subscription integrates with PAN-OS, providing intelligent, dynamic path selection on top of the industry leading security that PAN-OS software already delivers.

 

 

Features Introduced in SD-WAN Plugin 1.0.2

Secure SD-WAN provides the optimal end user experience by leveraging multiple ISP links to ensure application performance and scale capacity. For upgrade and downgrade considerations and for specific information about the upgrade path, refer to the SD-WAN 1.0 Administrator’s Guide. The administrator’s guide also provides additional information about how to use the SD-WAN Plugin features in this release.

 

Below are the new features introduced in SD-WAN plugin 1.0.2 along with PAN-OS 9.1.2-h1, which is required for the SD-WAN 1.0.2 plugin.

NEW SD-WAN FEATURES DESCRIPTION

Branch Prefix Redistribution

(PAN-OS 9.1.2-h1 and later 9.1 releases, and SD-WAN Plugin 1.0.2 and later 1.0 releases)

Prior to these releases, branch firewalls automatically redistributed all non-public, connected routes to the hub. Beginning with PAN-OS 9.1.2-h1 and SD-WAN plugin 1.0.2, you can also redistribute any additional prefixes to the hub.

Automatic Security Policy Rule Allowing BGP

(PAN-OS 9.1.2-h1 and later 9.1 releases, and SD-WAN Plugin 1.0.2 and later 1.0 releases)

For ease of use, you can have Panorama automatically create a Security policy rule to allow BGP between branches and hubs.

IKE Preshared Key Refresh

(PAN-OS 9.1.2-h1 and later 9.1 releases, and SD-WAN Plugin 1.0.2 and later 1.0 releases)

Refresh the IKE preshared key that VPN cluster members use. This action is especially helpful if you have a mandate to refresh IKE keys periodically.

VPN Tunnel IP Address Ranges

(PAN-OS 9.1.2-h1 and later 9.1 releases, and SD-WAN Plugin 1.0.2 and later 1.0 releases)

Specify IP address ranges for Auto VPN configuration to assign to VPN tunnel endpoints to ensure that Auto VPN does not randomly select IP addresses that overlap with those your network uses.

VPN Data Tunnel Support

(PAN-OS 9.1.2-h1 and later 9.1 releases, and SD-WAN Plugin 1.0.2 and later 1.0 releases)

You can now control access to the SD-WAN VPN data tunnel to specify how branch to hub traffic is sent (inside or outside the VPN tunnel). Enable or disable this feature from the SD-WAN Interface Profile.

DIA to MPLS Failover

(PAN-OS 9.1.2-h1 and later 9.1 releases, and SD-WAN Plugin 1.0.2 and later 1.0 releases)

Direct Internet Access (DIA) traffic can failover to the hub through the MPLS link to take an alternate route to the internet.

 

This content was reprinted from the original document in TechDocs.

Stay on top of things and bookmark Panorama Plugin for SD-WAN 1.0!

 

 

 

Thanks for taking time to read the blog.

If you enjoyed this, please hit the Like (thumbs up) button, don't forget to subscribe to the LIVEcommunity Blog.

 

Stay Secure,
Kiwi out!

 
1,135 Views
Ask Questions Get Answers Join the Live Community
Labels