Citrix SD-WAN data sheet

Citrix SD-WAN delivers the reliable, high-performance user experience your distributed workforce needs to do their best work anywhere. With Citrix SD-WAN, you can simplify your hybrid multi-cloud initiatives by optimizing applications and automating connectivity. Easily deploy robust security capabilities where you need them. And choose from the broadest choice in security with a unified security service, on-box advanced security, and integration with third-party best-of-breed firewalls.

A single cloud-based user interface makes it simple to manage your WAN, configure security policies, and monitor and prioritize applications. Citrix SD-WAN gives you the most flexibility with a range of physical and virtual form factors, you can deploy SD-WAN in public clouds, data centers, branches and home offices.

Citrix SD-WAN is a core capability of the Citrix unified approach to Secure Access Service Edge (SASE) along with zero-trust network access and cloud-delivered security for secure, reliable access to all applications anywhere from any device.

Why Citrix SD-WAN

  • Gartner number 1 for application experience optimization
    • Consistent experience for Citrix Virtual Apps and Desktops
  • Comprehensive security
    • All Gartner “core” and “recommended” SASE capabilities
  • Unified cloud-hosted management
    • Cloud-hosted networking and security from a single pane of glass
  • Reliable and resilient connectivity
    • Over any type of connectivity to cloud, SaaS and virtual apps
  • Consistent hybrid work models
    • For executives, heavy-data users, call center reps, ad-hoc workspaces

Explore Citrix SD-WAN features

Refer to the Citrix SD-WAN data sheet PDF for additional features and details.

Citrix SD-WAN includes an industry-leading application control engine with deep packet inspection enabling detection, classification, and acceleration of over 4,500 SaaS, cloud, and virtual applications and sub applications. With Citrix SD-WAN, you can deliver the best application experience through real-time, packet-based path selection and bi-directional QoS.

Data is delivered on a per packet basis. Packet-based forwarding reorders packets to mitigate changing WAN conditions in order to best steer traffic. Packet duplication, or racing, ensures high application performance for real-time applications such as voice by duplicating a session’s traffic across multiple paths. This means that no packets are lost and, as the first of the duplicate pair to arrive is used, each packet takes the lowest latency route. This allows for optimal application performance for just a small cost in bandwidth.

Dual-ended QoS measures latency, packet loss and jitter at both the sending end and destination. Administrators configure QoS globally from a single source and senders only send at the peers advertised receive rate. Unidirectional local measurements are shared with peer devices in the network. All sites get their fair share of bandwidth preventing oversubscription and wasted utilization.

Granular visibility into HDX user sessions and the proprietary Citrix ICA protocol distinguishes different channels of traffic such as in-band audio, display remoting, multimedia redirection, and printing and can granularly optimize critical traffic using Quality of Service (QoS) controls over a single-port architecture.

Citrix integrated admin workflow automates provisioning of SD-WAN for Azure-hosted Citrix Virtual Apps and Desktops and DaaS deployments.

Citrix SD-WAN integrates Microsoft APIs and follows Microsoft’s Office 365 connectivity principles to optimize traffic and send it directly to Microsoft cloud front doors. SD-WAN steers Teams audio-video traffic to Azure for enhanced reliability and performance or directly to the closest Office 365 front door. Untrusted traffic can be steered to a data center security stack or cloud-based secure web gateway for enforcement.

Citrix SD-WAN improves the application experience while reducing bandwidth expenses with features such as TCP optimization, compression, data de-duplication, and protocol optimization.

By deploying SD-WAN virtual instances in Microsoft Azure, AWS and Google Cloud Platform clouds with SD-WAN appliances on-premises, customers get link bonding, packet-based real-time path selection, QoS, and resiliency in case of congestion or power outages with zero interruption on user experience. On AWS, SD-WAN eases connectivity to VPCs with AWS Transit Gateway Connect integration, extends hybrid-cloud to on-premises with Outposts, modernizes the WAN for the cloud, provides real-time monitoring and insights, and leverages a massive global footprint and native access to a broad and deep set of traditional and emerging IT resources.

Enterprise-grade private network (middle mile) for SaaS provides optimized high-performance connections from the local last mile networks to a network of geographically distributed PoPs that peer with SaaS clouds via dedicated paths.

Citrix SD-WAN acts as an 802.1x Wi-Fi secure access point boosting bandwidth and ensuring resiliency by leveraging broadband and combining it with LTE ideal for at-home workers. USB and dongle LTE options give your network fast performance and reliability. It’s certified for operation on Verizon’s 4G/LTE network along with a host of others.

Citrix SD-WAN Orchestrator, the cloud-hosted management tool, enables customers and partners to centrally manage and monitor the WAN for security, control and visibility across the entire network with an intent-based approach. Quickly and easily deploy new sites on the network remotely with zero touch deployment. Simplify the time and effort to set up new locations with automated setup of cloud services, security policies, and applications with profiles, templates and cloning.

built-in ICSA certified stateful firewall and automatically connect to your choice of several cloud security platforms, including Zscaler, Palo Alto Networks Prisma Access or host NGFW VNFs like Palo Alto Networks VM-Series directly on the SD-WAN branch appliance.

Holistic edge security — designed to protect the WAN edge —is available on the Citrix SD-WAN branch appliance so you can leverage direct internet paths.

Integrated edge security features including signature-based IDS and IPS; web filtering; SSL inspection; and malware protection for HTTP, FTP and SMTP bring:

  • More than 26,000 IDS/IPS signatures with automatic updates.
  • Category based Web filter policies to block porn, gambling, videos, social networks, shopping sites or other undesirable or inappropriate content and applications from being accessed.
  • Signature and heuristics-based malware protection against zero-day threats, viruses, worms, Trojan horses, botnets, unknown malware, and new infections.
  • Malware scans, URL filtering on the full URL path rather than only the top-level domain, and user redirect to a custom block page for HTTPS traffic similar to that of HTTP traffic.

Physical and virtual form factors

The Citrix SD-WAN hardware appliances support the different Citrix SD-WAN editions, common hardware components, and virtual appliance information. The various Citrix SD-WAN hardware platforms offer a wide range of features, virtual paths, and throughput. Citrix SD-WAN software supports all Citrix SD-WAN hardware platforms. Citrix SD-WAN VPX (virtual form factor) is available as a virtual instance in major cloud marketplaces (Azure, AWS, Google Cloud Platform) and as bring your own license.

Model 6100 4100 2100 1100 210 110 VPX VPX-L
Total Encrypted Throughput1
(License Term 1 or 3 Yr)
8 Gbps to 12 Gbps (4 Gbps to 6 Gbps)
4 Gbps to 6 Gbps (2 Gbps to 3 Gbps) 600 Mbps to 4 Gbps (300 Mbps to 2 Gbps) 400 Mbps to 1 Gbps (200 Mbps to 500 Mbps) 100 Mbps to 600 Mbps (50 Mbps to 300 Mbps) 40 Mbps to 400 Mbps (20 Mbps to 200 Mbps) 40 Mbps to 3 Gbps (20 Mbps to 1.5 Gbps) 40 Mbps to 3 Gbps (20 Mbps to 1.5 Gbps)
Max Virtual Paths (Static/Dynamic) 1000/32 550/32  256/32 64/32 16/4 8/4 16 (8 for 20 Mbps License) 256
Third-party Firewall (VNF)2       Palo Alto Next Gen Firewall or Check Point Firewall        
Citrix Cloud Direct       100 Mbps 10 Mbps to 20 Mbps      
Model 6100 2100 1100
Total Encrypted Throughput
(Licence Term 1 or 3 Yr)
6 Gbps or 8 Gbps
(3 Gbps or 4 Gbps)
600 Mbps or 1 Gbps or 2 Gbps 
(300 Mbps or 500 Mbps or 1 Gbps)
400 Mbps or 600 Mbps or 1 Gbps 
(200 Mbps or 300 Mbps or 500 Mbps)
Max Virtual Paths (Static/Dynamic) 1000/32 256/32 64/32
Optimized Application Capacity10, 19 500 Mbps 50 Mbps (300 Mbps License)
100 Mbps (Other Licenses)
10 Mbps (200 Mbps License)
20 Mbps (300 Mbps License)
50 Mbps (500 Mbps License)
Max HDX CCUs11 750 300 100 (200 Mbps License) or
300 (Other Licenses)
Max Accelerated TCP Sessions12
60,000 20,000 10,000

Next step

Schedule a 1:1 expert-led demo