What's New in Version 5.2.0

Feature Description
Amazon Web Services Transit Gateway Connect Service for BGP/GRE Support on LAN VMware SD-WAN Edge now supports BGP over GRE on LAN, which enables VMware SD-WAN Edges to use the AWS TGW Connect Service for connectivity to the AWS Transit Gateway. For more information, see Configure Edge for Amazon Web Services (AWS) Transit Gateway (TGW) Connect Service.
Automatic SIM Switchover This feature allows you to automate the process of LTE SIM switching in case of primary LTE connection failure. For more information, see Configure Automatic SIM Switchover.
BGP Gateway Neighbor State Previously, the Orchestrator did not mark the state of a BGP neighborship accurately: when an Edge went offline due to a power loss, or a Gateway was not reachable, the BGP state still reflected the previous state, which was incorrect. With this feature, the Orchestrator shows the Neighbor state as "Unavailable", with a tooltip showing the current Edge or Gateway state. For more information, see Monitor BGP Gateway Neighbor State.
Common Criteria Firewall Gap Remediation Common Criteria (CC) is an international certification accepted by many countries. Obtaining the CC certification is an endorsement that our product has been evaluated by competent and independent licensed laboratories for the fulfilment of certain security properties.
Enterprise users can configure the Common Criteria Firewall settings both at the Edge and Profile levels. By default, this feature is deactivated. For more information, see .
Configure TACACS Services for Edges TACACS services are used by organizations to authenticate access to the router or Network-attached Storage (NAS).
CSP as default IdP for Greenfield Direct Customers

For Greenfield Direct Customers, authentication and authorization will be done through VMware Cloud Services Platform (CSP). This marks the first phase in having a common onboarding mechanism for all VMware SaaS services. Greenfield Direct Customers will be prompted to onboard to CSP. Once onboarding is complete, they can log in to their SASE Orchestrator.

Customizable QoE This feature allows you to configure minimum and maximum latency threshold values, in the range 1ms to 1000ms, for Voice, Video, and Transactional application categories. You can configure this feature in the Business Policy page of a Profile or an Edge. For more information, see Configure Business Policies.

Whenever the Customizable QoE values are modified for a Profile or an Edge, an event is created. For more information, see Monitor QoE.

Disk Status Report The Disk Status Report provides disk read and write statistics. It shows the total number of reads and writes, and the disk load, for every 5 minutes. For more information, see the Remote Diagnostic Tests on Edges section in the VMware SD-WAN Troubleshooting guide published at https://docs.vmware.com/en/VMware-SD-WAN/index.html.
DHCPv6 Relay Support on Edge VMware SD-WAN Edge now supports the DHCPv6 Relay feature on an Edge, which allows the DHCPv6 clients to communicate with a remote DHCPv6 server. You can configure this feature on the Device settings page of an Edge. For more information, see Configure Interface Settings for Edges.
Edge Link Down Limit This feature allows you to set the limit for the Edge link to be down. For more information, see Edge Management.
Edge Activation Failure when Next-hop Router cannot be Pinged Previously, when a user clicked the Activation URL, the local UI stopped the activation process midway if it could not ping the upstream next-hop router address to verify its correctness (not all routers respond to ICMP). This feature overcomes that activation issue. For more information, see Activate an Edge Device.
Encrypt Device Secrets This feature activates device secret encryption for all the Edges in the current Enterprise. You can even activate this feature for an individual Edge. For more information, see
Enhanced Firewall Services The Enhanced Firewall Services (EFS) feature provides additional security functionality on VMware SD-WAN Edges. The NSX Security powered EFS functionality supports Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) services on VMware SD-WAN Edges. The Edge Firewall EFS protects Edge traffic from intrusions across Branch to Branch, Branch to Hub, or Branch to Internet traffic patterns.
Customers can configure and manage the Enhanced Firewall Services (EFS) using the Firewall functionality in VMware SASE Orchestrator. For more information, see the following: .
High Availability Enhancements Release 5.2.0 includes multiple improvements for a site deployed using a High Availability topology. These include:
  • Events: There are new events generated for WAN, LAN, and HA Link state changes and include additional metadata like Serial Number and HA mode.
  • Monitoring
    • The HA Standby tab is a new dashboard for the Standby Edge to report CPU and Memory Utilization located on the Monitor > Edges page.
    • For all Monitor > Edges dashboards, there are now "Failover bars". These are vertical markers on graphs indicating where and when an HA failover occurred.
    • All Monitor > Edges graphs include a box with the HA Edge serial number so a customer knows at a glance which HA Edge was active for a particular period on a Monitoring graph.
  • New Configuration Options for High Availability
    • HA Failover Detection Time Multiplier can be used to set a longer High Availability threshold. The timer represents how long a Standby Edge will wait for a heartbeat packet from the Active Edge before becoming active. A longer threshold can, in some instances, prevent an Active-Active "Split Brain" state from occurring on an HA Edge under high traffic load.
    • Configurable HA Interface allows the customer to configure any Edge switched port for use as the HA Interface (the interface that connects the Active and Standby Edges for synchronization). Previously the HA Interface was limited to the default interface for that Edge model (in other words, LAN1 or GE1).
    • The HA Interface can also be configured for a 1G/10G SFP port.
  • Packet Capture for the Standby Edge's HA Interface: An administrator now has an additional HA troubleshooting tool with the option to request a packet capture of the Standby Edge's HA Interface.

    For more information, see the following:

  • Activate High Availability
  • Monitoring High Availability Edges
  • Split-Brain Detection and Prevention
  • HA Event Details
  • Request Packet Capture Bundle
High Availability Support for Platform Firmware Updating the Factory image and the Platform firmware on High-availability (HA) for SD-WAN Edges is supported in the 5.2 release. See the following topics for more information:
IPv6 NSD via Edge Non SD-WAN Destination via Edge now supports both IPv4 and IPv6. For more information, see
OSPFv3 OSPF (Open Shortest Path First) is an interior gateway protocol (IGP) that operates within a single autonomous system (AS). OSPFv3 is introduced in the SD-WAN Edge for IPv6 underlay routing in addition to existing BGPv6 support.

For more information about OSPFv3, caveats, and exceptions, see Activate OSPF for Profiles.

For additional sections relevant to OSPFv3, see the following:
RADIUS MAC Address Bypass (MAB) for 802.1x on VLANs In Release 5.1.0, the RADIUS MAB for 802.1x was introduced but limited to routed interfaces only. In Release 5.2.0, customers can also use this feature for VLANs assigned to switched ports. See the section below for more information:
Route Summarization Route Summarization or route aggregation is a method used to minimize the number of routes that a router advertises to its neighbor. See the sections below for more information, a use case, and procedure steps:
Route Visibility The 5.2.0 release supports enhancements and features for routing visibility, which includes the Monitor BGP Gateway Neighbor State (with BGP Received Routes and BGP Advertised Routes) and the Gateway Route table (which displays important information about each route). For more information see:
Secure Access Service VMware SASE Orchestrator allows you to configure the Secure Access Service on the Device settings page for a Profile and an Edge. For more information, see
Support for Over Capacity Drops Trend in the Edge System Information Logs VMware SASE Orchestrator allows you to monitor the total number of packets dropped due to over capacity since the last sync interval. For more information, see Monitor System Information of an Edge.
Wi-Fi Access Control based on MAC Address Wi-Fi Access Control can be used as an additional layer of security for wireless networks. When enabled, only known and approved MAC addresses are permitted to associate with the base station. For more information, see Wi-Fi Access Control based on MAC Address
Zscaler Angular UI Migration Starting with the 5.2.0 release, users can configure the Zscaler feature from the New Orchestrator UI:

Release Notes

For information on all the new/modified features for Version 5.2.0, see https://docs.vmware.com/en/VMware-SASE/5.2.0/rn/vmware-sase-520-release-notes/index.html.

For information about the latest builds for the SD-WAN AWS GovCloud (US) Version 5.2.3, see https://vmware.com/en/VMware-SD-WAN-on-AWS-GovCloud-(US)/5.2.3/rn/vmware-sdwan-on-aws-govcloud-us-523-release-notes/index.html.