Citrix SD-WAN data sheet

Citrix SD-WAN delivers the reliable, high-performance user experience your distributed workforce needs to do their best work anywhere. With Citrix SD-WAN, you can simplify your hybrid multi-cloud initiatives by optimizing applications and automating connectivity. Easily deploy robust security capabilities where you need them. And choose from the broadest choice in security with a unified security service, on-box advanced security, and integration with third-party best-of-breed firewalls.

A single cloud-based user interface makes it simple to manage your WAN, configure security policies, and monitor and prioritize applications. Citrix SD-WAN gives you the most flexibility with a range of physical and virtual form factors, you can deploy SD-WAN in public clouds, data centers, branches and home offices.

Citrix SD-WAN is a core capability of the Citrix unified approach to Secure Access Service Edge (SASE) along with zero-trust network access and cloud-delivered security for secure, reliable access to all applications anywhere from any device.

Why Citrix SD-WAN

  • Gartner number 1 for application experience optimization
    • Consistent experience for Citrix Virtual Apps and Desktops
  • Comprehensive security
    • All Gartner “core” and “recommended” SASE capabilities
  • Unified cloud-hosted management
    • Cloud-hosted networking and security from a single pane of glass
  • Reliable and resilient connectivity
    • Over any type of connectivity to cloud, SaaS and virtual apps
  • Consistent hybrid work models
    • For executives, heavy-data users, call center reps, ad-hoc workspaces

Explore Citrix SD-WAN features

Refer to the Citrix SD-WAN data sheet PDF for additional features and details.

Citrix SD-WAN includes an industry-leading application control engine with deep packet inspection enabling detection, classification, and acceleration of over 4,500 SaaS, cloud, and virtual applications and sub applications. With Citrix SD-WAN, you can deliver the best application experience through real-time, packet-based path selection and bi-directional QoS.

Data is delivered on a per packet basis. Packet-based forwarding reorders packets to mitigate changing WAN conditions in order to best steer traffic. Packet duplication, or racing, ensures high application performance for real-time applications such as voice by duplicating a session’s traffic across multiple paths. This means that no packets are lost and, as the first of the duplicate pair to arrive is used, each packet takes the lowest latency route. This allows for optimal application performance for just a small cost in bandwidth.

Dual-ended QoS measures latency, packet loss and jitter at both the sending end and destination. Administrators configure QoS globally from a single source and senders only send at the peers advertised receive rate. Unidirectional local measurements are shared with peer devices in the network. All sites get their fair share of bandwidth preventing oversubscription and wasted utilization.

Granular visibility into HDX user sessions and the proprietary Citrix ICA protocol distinguishes different channels of traffic such as in-band audio, display remoting, multimedia redirection, and printing and can granularly optimize critical traffic using Quality of Service (QoS) controls over a single-port architecture.

Citrix integrated admin workflow automates provisioning of SD-WAN for Azure-hosted Citrix Virtual Apps and Desktops and DaaS deployments.

Citrix SD-WAN integrates Microsoft APIs and follows Microsoft’s Office 365 connectivity principles to optimize traffic and send it directly to Microsoft cloud front doors. SD-WAN steers Teams audio-video traffic to Azure for enhanced reliability and performance or directly to the closest Office 365 front door. Untrusted traffic can be steered to a data center security stack or cloud-based secure web gateway for enforcement.

Citrix SD-WAN improves the application experience while reducing bandwidth expenses with features such as TCP optimization, compression, data de-duplication, and protocol optimization.

By deploying SD-WAN virtual instances in Microsoft Azure, AWS and Google Cloud Platform clouds with SD-WAN appliances on-premises, customers get link bonding, packet-based real-time path selection, QoS, and resiliency in case of congestion or power outages with zero interruption on user experience. On AWS, SD-WAN eases connectivity to VPCs with AWS Transit Gateway Connect integration, extends hybrid-cloud to on-premises with Outposts, modernizes the WAN for the cloud, provides real-time monitoring and insights, and leverages a massive global footprint and native access to a broad and deep set of traditional and emerging IT resources.

Enterprise-grade private network (middle mile) for SaaS provides optimized high-performance connections from the local last mile networks to a network of geographically distributed PoPs that peer with SaaS clouds via dedicated paths.

Citrix SD-WAN acts as an 802.1x Wi-Fi secure access point boosting bandwidth and ensuring resiliency by leveraging broadband and combining it with LTE ideal for at-home workers. USB and dongle LTE options give your network fast performance and reliability. It’s certified for operation on Verizon’s 4G/LTE network along with a host of others.

Citrix SD-WAN Orchestrator, the cloud-hosted management tool, enables customers and partners to centrally manage and monitor the WAN for security, control and visibility across the entire network with an intent-based approach. Quickly and easily deploy new sites on the network remotely with zero touch deployment. Simplify the time and effort to set up new locations with automated setup of cloud services, security policies, and applications with profiles, templates and cloning.

Physical and virtual form factors

The Citrix SD-WAN hardware appliances support the different Citrix SD-WAN editions, common hardware components, and virtual appliance information. The various Citrix SD-WAN hardware platforms offer a wide range of features, virtual paths, and throughput. Citrix SD-WAN software supports all Citrix SD-WAN hardware platforms. Citrix SD-WAN VPX (virtual form factor) is available as a virtual instance in major cloud marketplaces (Azure, AWS, Google Cloud Platform) and as bring your own license.

Model 6100 4100 2100 1100 210 110 VPX VPX-L
Total Encrypted Throughput1
(License Term 1 or 3 Yr)
8 Gbps to 12 Gbps (4 Gbps to 6 Gbps)
4 Gbps to 6 Gbps (2 Gbps to 3 Gbps) 600 Mbps to 4 Gbps (300 Mbps to 2 Gbps) 400 Mbps to 1 Gbps (200 Mbps to 500 Mbps) 100 Mbps to 600 Mbps (50 Mbps to 300 Mbps) 40 Mbps to 400 Mbps (20 Mbps to 200 Mbps) 40 Mbps to 3 Gbps (20 Mbps to 1.5 Gbps) 40 Mbps to 3 Gbps (20 Mbps to 1.5 Gbps)
Max Virtual Paths (Static/Dynamic) 1000/32 550/32  256/32 64/32 16/4 8/4 16 (8 for 20 Mbps License) 256
Third-party Firewall (VNF)2       Palo Alto Next Gen Firewall or Check Point Firewall        
Citrix Cloud Direct       100 Mbps 10 Mbps to 20 Mbps      
Model8 1100 410 210
Total Encrypted Throughput1 (License Term 1 or 3 Yr) 400 Mbps or 600 Mbps or 1 Gbps
(200 Mbps or 300 Mbps or 500 Mbps)
100 Mbps (Model:  410-050-AE)
200 Mbps (Model:  410-100-AE)
400 Mbps (Model:  410-200-AE)
600 Mbps (Model:  410-300-AE)
40 Mbps or 100 Mbps (20 Mbps or 50 Mbps)
Max Virtual Paths (Static/Dynamic) 64/32 24/8 16/4
Max Virtual Path Throughput with Edge Security 300 Mbps (200 Mbps License)
400 Mbps (300 Mbps License)
600 Mbps (500 Mbps License)
150 Mbps 40 Mbps (20 Mbps License)
60 Mbps (50 Mbps License)
Edge Security5 Throughput 50 Mbps (200 Mbps License)
100 Mbps (300 Mbps License)
200 Mbps (500 Mbps License)
50 Mbps 20 Mbps
IPS Throughput6 50 Mbps (200 Mbps License)
100 Mbps (300 Mbps License)
200 Mbps (500 Mbps License)
50 Mbps 20 Mbps

NGFW Throughput7, 9

50 Mbps (200 Mbps License)
100 Mbps (300 Mbps or 500 Mbps License)
50 Mbps 20 Mbps
Concurrent Sessions 30,000 7,100 4,400
Model 6100 2100 1100
Total Encrypted Throughput
(Licence Term 1 or 3 Yr)
6 Gbps or 8 Gbps
(3 Gbps or 4 Gbps)
600 Mbps or 1 Gbps or 2 Gbps 
(300 Mbps or 500 Mbps or 1 Gbps)
400 Mbps or 600 Mbps or 1 Gbps 
(200 Mbps or 300 Mbps or 500 Mbps)
Max Virtual Paths (Static/Dynamic) 1000/32 256/32 64/32
Optimized Application Capacity10, 19 500 Mbps 50 Mbps (300 Mbps License)
100 Mbps (Other Licenses)
10 Mbps (200 Mbps License)
20 Mbps (300 Mbps License)
50 Mbps (500 Mbps License)
Max HDX CCUs11 750 300 100 (200 Mbps License) or
300 (Other Licenses)
Max Accelerated TCP Sessions12
60,000 20,000 10,000
Model10 Optimized WAN Capacity VPX 2-WO
2 Mbps
6 Mbps
10 Mbps
20 Mbps
50 Mbps
VPX 100-WO
100 Mbps
VPX 200-WO
200 Mbps
QoS/Unaccelerate Throughput Limit 15 Mbps 50 Mbps 75 Mbps 150 Mbps 250 Mbps 250 Mbps 300 Mbps
Max HDX CCUs11
(Concurrent SD-WAN Client Plug-Ins)
20 60


100 100 100 100 100
Max Accelerated TCP Sessions12 5,000 5,000 5,000 10,000 10,000 20,000 30,000
Video Caching and Networking Cloud  Connector13              
Memory Hard Drive15 6 GB
100 GB
6 GB
250 GB
6 GB
250 GB
6 GB
250 GB
8 GB
500 GB
16 GB
500 GB
Virtual CPU 1X Citrix Hypervisor & 2X VMware vSphere (<2.33 GHz) 2-4X Citrix Hypervisor, Microsoft Hyper-V & VMware vSphere (> 2.33 GHz) 2-4X Citrix Hypervisor, Microsoft Hyper-V & VMware vSphere (> 2.33 GHz) 2-4X Citrix Hypervisor, Microsoft Hyper-V & VMware vSphere (> 2.33 GHz) 2-4X Citrix Hypervisor, Microsoft Hyper-V & VMware vSphere (> 2.33 GHz) 2-4X Citrix Hypervisor, Microsoft Hyper-V & VMware vSphere (> 2.33 GHz) 2-4X Citrix Hypervisor, Microsoft Hyper-V & VMware vSphere (~3.0 GHz)

Total encrypted throughput refers to full duplex total amount of bandwidth that the appliance model is licensed for, both upstream and downstream, and is based on AES-128 encryption.

2 Palo Alto Networks and Checkpoint Next Generation Firewall (NGFW) can be hosted as VNF on Citrix SD-WAN 1100 SE.

3 Cloud server types are the minimum recommended server size to support the listed performance numbers for each model.

4 With a Citrix SD-WAN subscription and a Citrix Virtual Apps & Desktops Standard for Azure subscription, customers are entitled to use Citrix SD-WAN VPX in the Azure subscription hosting the CVAD workloads with no additional licensing fee if the Azure subscription is Citrix-managed.

5 Edge security throughput refers to total amount of NGFW bandwidth that the appliance model can be licensed for.

6 Total throughput measured with IPS enabled.

7 Total NGFW throughput measured with Firewall, IPS URL-Filtering, and Anti-malware enabled.

8 Advanced Security also available on 410 SE (End of Sale) for existing customers through add-on licenses. Advanced Security is not supported in MCN mode.

9 SSL Inspection is a compute intense operation. Enabling SSL Inspection will lead to performance degradation and latency.

10 Some protocols (ICA, for example) can limit the processing capacity of the appliance before the licensed bandwidth is reached.

11 User count is based upon a medium-level workload as defined by Login VSI and Virtual Desktops/Apps advanced encryption security. User count is limited by link bandwidth and TCP session counts. No user count is enforced. Published numbers are for guidance purposes only.

12 TCP session count will be reduced by active HDX sessions. No session count is enforced. Published numbers are for guidance purposes.

13 For Citrix SD-WAN appliances, the Citrix Networking Cloud Connector is delivered as a separate software appliance.

14 The VPX images are qualified to run on both Intel and AMD processors.

15 For best performance, use solid state drives or high IOPs storage devices.

16 Models using HDD (Hard Disk Drive) and SSD (Solid State Drive) are indicated accordingly.

17 Wi-Fi Signal strength will be impaired and Wi-Fi connection to the appliance may not even be possible. Installation onto a shelf in a metal rack is not recommended.

18 Extender cables required to remotely locate the LTE Antennas.

19 Only outbound WAN traffic is counted against the licensed bandwidth. Inbound QoS and/or unaccelerated traffic does not count against the licensed bandwidth. Total inbound optimizable traffic should not exceed this threshold.

Next step

Schedule a 1:1 expert-led demo