What's new

Kaspersky SD-WAN has the following new and improved functionality:

• Centralized firewall management is supported with firewall template and DPI support. Now you can disable or enable DPI when specifying basic firewall settings and specify DPI marks to apply firewall rules to application traffic packets.
• Now you can create DNAT and SNAT rules for firewall management if you want to use the Source Network Address Translation (SNAT), Destination Network Address Translation (DNAT), and Port Address Translation (PAT) mechanisms. You can centrally manage these mechanisms using firewall templates.
• You can use up to 100 virtual routing and forwarding tables (VRF) on CPE devices. You can put BGP routes into one of the virtual routing and forwarding tables.
• Now you can install certificate chains on CPE devices
• Now you can monitor traffic packet information using the NetFlow protocol versions 1, 5, and 9. You can centrally manage the protocol using NetFlow templates.
• Information about the following events is now sent to the Syslog server that you can specify:
  • A user logging in or out of the orchestrator web interface.
  • A user entering the password incorrectly when logging in to the orchestrator web interface.
  • A user conducting a brute-force attack.
  • An attempt to log in to the orchestrator web interface using a non-existent account.
• Two-factor authentication of users is now supported using the Time-based-one-time password (TOTP) algorithm.
• Support for upgrading Kaspersky SD-WAN from version 2.1.3 to 2.2.0. If you are using a version lower than 2.1.3, you must first upgrade the solution to version 2.1.3, and then to 2.2.0. You must first upgrade the central components of the solution, and then the CPE devices.
• The installation archive for quick deployment of Kaspersky SD-WAN is now available. The installation archive lets you modify elements of the orchestrator web interface, such as the displayed logo of your organization.
• Sending notifications about events and problems on CPE devices to user emails is now supported.
• Now you can diagnose CPE devices using the following utilities:
  • ping
  • traceroute
  • tcpdump
  • iperf
  • sweep
• Version 6.0.0 of the Zabbix monitoring system is supported.
• The OVF template for vCPE devices is supported. You can use an OVF template to deploy a vCPE device on the VMware virtualization platform and automatically register it.
• Optimized performance of the Controller and CPE devices.
• Optimized recovery of a failed Controller node.
• Now you can create IP address and subnet ranges for CPE devices (IPAM). You can use these ranges to centrally assign IPv4 addresses to network interfaces of CPE devices. You can also use IP address ranges to centrally assign IPv4 addresses to CPE router IDs.
• CPE device names are now displayed in Zabbix monitoring system.
• Now you can place CPE, VNF, and PNF device hosts into automatically created groups on the Zabbix server. Groups correspond to tenants to which VNFs, PNFs, and CPE devices belong.
• The RED OS 8 operating system is supported for central components of the solution.
• Users with the tenant role can now change the password.
• Assigned IPv4 addresses can now be displayed in the table of network interfaces of a CPE device.
• Now you can create network interfaces for connecting to a PPPoE server.
• CPE devices can now relay multicast traffic using the PIM and IGMP protocols.