VMware SD-WAN Software Release 3.4.4

WindstreamEnterprise
WindstreamEnterprise Administrator admin
edited October 2021 in Release Notes

VMware/VeloCloud SD-WAN Release 3.4.4 provides several new feature enhancements for Windstream.

 New Hardware Platforms

The following new hardware devices are also being released:

·        620 (Replaces VCE 520v and 540)

·        640 (Replaces VCE 840)

·        680

These new devices offer better performance with enhanced processors that enable the additional functionally for the Fortinet VNF.  

VCE table 1-321.JPG

With the higher processing power, these new VCE edges are all capable of adding on the Fortinet Unified Threat Management (UTM) firewall features via a Virtual Network Function (VNF). 

This is a big plus as it provides the SD-WAN functions along with the Fortinet UTM in a single customer device.

Additionally, with this 3.4.4 enhancement, the VCE 3800 now has maximum throughput of 5 Gbps, so it can fully replace the VCE 2000.

The VCE 510 will remain available as the entry level VMware Edge.

Stateful Firewall

With the 3.4.4 code update, we also get a Stateful Firewall available in the portal.

This new enhancement is available on all VCE’s that are on the VMware code 3.4.4 with no additional orders or charges applied.

 

Stateful firewalls build a state table and use this table to allow only returning traffic from connections currently listed in the state table. After a connection is removed from the state table, no traffic from the external device of this connection is permitted.

The Stateful firewall feature provides the following benefits:

  • Prevent attacks such as denial of service (DoS) and spoofing
  •  More robust logging
  •  Improved network security   

Current Firewall

Current FW.jpg
stateful.jpg

LAN-Side NAT

Users can now restrict LAN-side source NAT to a specific set of destination subnets and can apply source and destination

NAT to the same packet

 

Conditional Backhaul

For hybrid branches (i.e. those with both public Internet and private MPLS), it is now possible to have internet traffic egress directly to the internet but dynamically failover to backhauling through a Hub over the MPLS link when Internet is down. This feature may be enabled for a and disabled on a VMware SD-WAN Edge per-Business Policy basis.

  DISCLAIMER: There may be features listed here that do not get immediately implemented and may be added based on customer demand in the future. 

This discussion has been closed.


Categories