What's New in Version 4.3.0

Feature Description
Azure vWAN IPSec Automation from SD-WAN Edge

Azure Virtual WAN is a network service that facilitates optimized and automated Virtual Private Network (VPN) connectivity from enterprise branch locations to or through Microsoft Azure.
To establish branch-to-Azure VPN connectivity, SD-WAN Orchestrator supports Azure Virtual WAN and VMware SD-WAN integration and automation from SD-WAN Edge by leveraging the Azure backbone. For more information, see:

Bastion Orchestrator for High Security Environments

The VMware SD-WAN Orchestrator stores and exports, through APIs, sensitive information about customers and their networks. To protect the on-premises customer-sensitive information from external attack and to restrict access to their APIs, VMware SD-WAN supports configuration of a Bastion Orchestrator (Public Orchestrator) in an Internet-facing demilitarized zone (DMZ) for the purpose of staging and activation of an SD-WAN Edge.

For more information about architecture, activation workflow, and configuration of the Bastion Orchestrator for customers, see Bastion Orchestrator Configuration Guide published at https://docs.vmware.com/en/VMware-SD-WAN/index.html.

BGP Over IPSec on Edge

Direct IPsec tunnels are used for establishing secure communication between the SD-WAN Edge and the Non SD-WAN Destination (NSD). In previous releases, VMware supported NSD tunnels from the SD-WAN Edge with the ability to add NSD static routes. In the 4.3 release, this functionality is extended to support BGP over IPSec to the NSD endpoint for a route-based VPN.

BGP Over IPSec on Gateway

Direct IPsec tunnels are used for establishing secure communication between the SD-WAN Gateway and the Non SD-WAN Destination (NSD). In previous releases, VMware supported NSD tunnels from the SD-WAN Gateway with the ability to add NSD static routes. In the 4.3 release, this functionality is extended to support BGP over IPSec to the NSD endpoint for a route-based VPN.

See the following sections for more information:

Configure Audit Comments in Firewall Rule

While creating or updating a Firewall rule, Enterprise users can now add audit comments to the rule. See Configure Firewall Rules.

Configure DSL Support

The 4.0 release introduced support for DSL SFPs on the SD-WAN Edge 610. In release 4.3, this support has been extended to include DSL support on all 6x0 platforms. Beginning with release 4.0, customers can also activate their SD-WAN Edges at sites that only have a DSL line.

Configure Settings using New Orchestrator UI

Allows the Enterprise user to configure the following settings using the new redesigned portal.

Loopback Interface Support

A loopback interface is a logical interface that allows you to assign a virtual IP address, which is used to identify an SD-WAN Edge. Loopback interfaces are used as the source interface for services such as TACACS, NetFlow, Syslog, and so on. They are also used as the source interface to transmit traffic from SD-WAN Edge to SD-WAN Orchestrator. For more information about loopback interfaces, see Loopback Interfaces Configuration.

Security Enhancements for Password Flow Change

Allows an Enterprise Admin user to set a new password only if the current password is entered correctly. See Configure Admin Users.

Support for IPv6 Addresses

In addition to IPv4 addresses, you can configure IPv6 addresses while configuring an Interface and WAN Overlay settings for an Edge. See:

Support for unique MAC address on HA Interface

By default, High Availability uses a common virtual MAC address to support seamless failover between devices. Instead of generating a common or shared virtual MAC address, you can use a unique MAC address in certain virtual environments. See Enable High Availability.

Support for detecting Loss of Signal (LoS) on HA Interface

You can enable LoS detection on routed Interfaces of an Edge enabled with High Availability to detect the Loss of Signal and HA Failover. See HA LoS Detection on Routed Interfaces.

Support for 128 segments

You can now choose to increase the default value of segments that can be created per Enterprise to a maximum of 128 segments. See Configure Segments.

Support to Activate Edges Using Zero Touch Provisioning

Zero Touch Provisioning allows you to activate Edges by powering on the Edges and connecting them to the internet. This method eliminates the need for an activation link. See Activate SD-WAN Edges Using Zero Touch Provisioning.

Zscaler Integration Enhancements

Lets you enable Layer 7 (L7) Health Check for the Zscaler Service provider to determine and monitor the health of the Zscaler Server. Additionally, UI support is added to access the Zscaler Admin portal. See:

Updates to Syslog Message Format for Firewall Logs

The syslog firewall logs are updated to include segment name, profile name, and firewall rule ID. See Syslog Message Format for Firewall Logs.

Class of Service (CoS) support for Public overlay

You can now use the Class of Service (CoS) feature on wireless public links. See Configure Edge WAN Overlay Settings.

Previous VMware SD-WAN Versions

This is the first release of VMware SD-WAN on AWS GovCloud (US).