Citrix SD-WAN data sheet

Citrix SD-WAN is a next-generation WAN Edge solution that simplifies digital transformation for enterprises. It offers comprehensive security, the best application experience for SaaS, cloud, and virtual apps and desktops, and cloud choice with automation to ensure an always-on workspace.

Why Citrix SD-WAN

  • Ability to detect, classify and accelerate over 4,500 SaaS, cloud, and virtual applications and sub applications
  • Integrated branch security with options for next-generation firewall and cloud-based secure web gateway
  • Real-time, packet-based traffic handling routes traffic on the most optimal links
  • Traffic shaping and bi-directional QoS on diverse, bonded links to optimize performance
  • Sub-second failover ensures the highest network resiliency
  • Integration with Citrix Virtual Apps and Desktops for automated fine-grained QoS and deep visibility into HDX/ICA traffic

Explore Citrix SD-WAN features

Citrix SD-WAN includes an industry-leading Application Control Engine with deep packet inspection enabling detection, classification, and acceleration of over 4,500 SaaS, cloud, and virtual applications and sub applications. Enjoy the freedom of deployment on your choice of public cloud or in conjunction with SaaS applications. With Citrix SD-WAN, you can deliver the best application experience through real-time, packet-based path selection and bi-directional QoS. And ensure an always-on workspace with the highest network resiliency through sub-second failover.

Citrix SD-WAN provides an alternative to the legacy edge router, enabling a simpler branch network with lower infrastructure and support costs. Multiple overlay routed networks can be software defined, with separate policies and security rules applied to each. With dynamic routing, Citrix SD-WAN provides easy network insertion through either inline or edge routed modes for a streamlined branch network with assured application delivery.

Citrix SD-WAN creates a reliable WAN from diverse network links, including MPLS, broadband, and 4G/LTE, continuously measuring and monitoring each link in real time for loss, latency, jitter and congestion. Link outages and errors are mitigated by Citrix SD-WAN’s intelligent load balancing to match applications to optimal WAN links, resulting in reliable performance. Selective packet replication for real-time and other latency-sensitive applications ensures consistent experience.

Citrix SD-WAN brings strong data protection to the network with a built-in, application-aware stateful firewall that is integrated with application QoS to allow centrally-defined security policies to limit or reject application traffic. Users and traffic can be segmented into different zones, allowing different policies to be applied per zone. Citrix SD-WAN also provides strong encryption using HTTPS/TLS and AES 256 to provide security across the control and data planes. And optional, next-generation firewall capabilities can be added as a virtualized network function (VNF) on select SD-WAN appliances. Creation of IPsec tunnels can be automated from the branch to Zscaler Secure Internet Gateway or Palo Alto Networks Prisma Access to simplify operations.

Citrix SD-WAN Cloud Direct service enables resilient, high performance access from SD-WAN sites to over 1,000 of SaaS and UCaaS platforms and 150 major network and cloud exchanges. This turnkey service deploys in minutes and provides centralized management with real-time visibility. Citrix SD-WAN Cloud Direct service intelligently load balances and QoS optimizes up to four Internet links into redundant carrier-grade points-of-presence (PoPs), with “hit-less” failover which mitigates internet circuit outages—even those difficult-to-detect brown-out conditions—without disrupting any applications.

Citrix SD-WAN improves application experience while reducing bandwidth expenses with features such as TCP optimization, compression, data de-duplication, and protocol optimization.

Citrix SD-WAN Orchestrator, a SaaS-based provisioning and management solution, enables customers and partners to centrally manage and monitor users, permissions, applications, and WAN links for control and visibility across the entire network, and to optimize the quality of experience for applications. Quickly and easily deploy new sites on the network with zero touch deployment. Simplify the time and effort to set up new locations with automated setup of cloud services, security, and applications.

Appliance 6100 SE 5100 SE
Model 6100-4000-SE  6100-5000-SE  6100-6000-SE 5100-4000-SE 5100-5000-SE 5100-6000 SE
Total throughput3 8 Gbps 10 Gbps 12  Gbps 8 Gbps 10 Gbps 12 Gbps
Max virtual paths (static/dynamic)
1000 1000 1000 550/32
550/32 550/32
Appliance 4100 SE
2100 SE
Model 4100-2000-SE 4100-3000-SE 2100-0300-SE 2100-0500-SE 2100-01000-SE 2100-2000-SE
Total throughput3 4 Gbps 6 Gbps 600 Gbps 1 Gbps 2 Gbps 4 Gbps
Max virtual paths (static/dynamic)
550/32 550/32 256/32 256/32 256/32 256/32
Appliance 1100 SE
Model 1100-200-SE 1100-300-SE
1100-500-SE
Total throughput3 400 Mbps 600 Mbps
1 Gbps
Max virtual paths (static/dynamic) 64/32 64/32 64/32
Appliance 210/210 LTE SE (R1/R2/RC)
Model 210-020-SE 210-050-SE 210-100-SE 210-200-SE 210-300-SE
Total throughput3 40 Mbps 100 Mbps 200 Mbps 400 Mbps 600 Mbps
Max virtual paths (static/dynamic) 16/4 16/4 16/4 16/4 16/4
Appliance 110 SE/110 LTE WiFi SE
Model 110-20-SE 110-50-SE 110-100-SE
Total throughput3 40 Mbps 100 Mbps 200 Mbps
Max virtual paths (static/dynamic) 8/4 8/4 8/4
Appliance VPX SE
Model VPX-020-SE VPX-050-SE VPX-100-SE VPX-200-SE VPX-500-SE VPX-1000-SE
Total throughput3 40 Mbps 100 Mbps 200 Mbps 400 Mbps 1 Gbps 2 Gbps
Maximum virtual paths 8 16 16 16 16 16
Hypervisor Citrix Hypervisor, VMWare, HyperV, KVM
Clouds1 AWS, Azure, Google Cloud Platform
Appliance VPX-L SE
Model VPX-L-020-SE VPX-L-050-SE VPX-L-100-SE VPX-L-200-SE VPX-L-500-SE VPX-L-1000-SE
Total throughput3 40 Mbps 100 Mbps 200 Mbps 400 Mbps 1 Gbps 2 Gbps
Maximum virtual paths 256 256 256 256 256 256
Hypervisor Citrix Hypervisor, VMWare, HyperV, KVM
Clouds1 AWS, Azure, Google Cloud Platform
Software Features
Application Performance Per Packet/App Steering, Packet Duplication, Packet Retransmissions, Dual-ended QoS, Application QoE, Per App Business Policies for over 4000 apps, Citrix HDX/ICA Integration
Authentication Local Database, RADIUS, TACACS+
Cloud WAN Azure Virtual WAN, Teridion
Configuration Zero Touch Deployment Service, GUI, Customizable Dashboards and Templates, REST API
Deployment In-line Overlay, One-armed Overlay, Edge Gateway, Cloud
High Availability Parallel Inline HA, Fail-to-Wire HA, One-Arm HA, VRRP, Geo-Redundant HA
Layer 2 VLAN (802.1Q), Bridging, SVI, PPPoE
Link Management Transport Agnostic, Bi-Directional Link Monitoring, Link Bonding, Metered Links, StandBy Links, Link of Last-Resort
Manageability SD-WAN Cloud Orchestrator, On-Prem SD-WAN Center, SD-WAN Center in AWS and Azure, CLI, SNMP V3, DHCP Server/Relay/Client, DNS Forwarder, Syslog, NetFlow, IPFIX, REST API
Mobile Broadband 3G/4G/LTE, Zero Touch Deployment over LTE, Authentication Types – PAP/ CHAP/ PAPCHAP, SIM lock/unlock,  Support for Antenna Extenders
Network Encryption

128 bit AES, 256 bit AES, IPsec

QoS Scheduling, Shaping, Classification, Remarking, HDX AutoQoS
Routing eBGP, iBGP, OSPF, Static, Multicast
SaaS/IaaS Optimized O365 Breakout, AWS, Azure
Security – Cloud Zscaler, Palo Alto Global Protect Cloud Service (GPCS)
Security – On-premises L4-7 Application Firewall, NAT, Secure Web Gateway Connectivity, FIPS Compliant
Tunnel Interfaces GRE, IPSec, Citrix Virtual Path

1 Cloud server types are the minimum recommended server size to support the listed performance numbers for each model.

3 Total throughput refers to total amount of bandwidth that the appliance model is licensed for, both upstream and downstream, and is based on AES-128 encryption.

Back to Standard Edition

Appliance
5100 PE 2100 PE
Model 5100-3000-PE 5100-4000-PE 2100-300-PE 2100-500-PE 2100-1000-PE
Total  encrypted throughput3 6 Gbs 8 Gbps 600 Mbps 1 Gbps 2 Gbps
Maximum virtual paths (static/dynamic)
550/32
550/32 256/32 256/32 256/32
Optimized WAN capacity4.5
500 Mbps
500 Mbps 50 Mbps 100 Mbps 100 Mbps
Maximum HDX CCUs6
750 750 300 300 300
Maximum Accelerated TCP sessions7
60,000
60,000 20,000 20,000 20,000
Appliance 1100-PE
Model 1100-200-PE 1100-300-PE
1100-500-PE
Total  encrypted throughput3 400 Mbps 600 Mbps 1 Gbps
Maximum virtual paths (static/dynamic)

64/32

64/32 64/32
Optimized WAN capacity4.5
10 Mbps 20 Mbps 50 Mbps
Maximum HDX CCUs6
100 300 300
Maximum Accelerated TCP sessions7
10,000 10,000 10,000
Software Features
Application Performance Per Packet/App Steering, Packet Duplication, Packet Retransmissions, Dual-ended QoS, Application QoE, Per App Business Policies for over 4000 apps, Citrix HDX/ICA Integration
Authentication Local Database, RADIUS, TACACS+
Cloud WAN Azure Virtual WAN, Teridion
Configuration Zero Touch Deployment Service, GUI, Customizable Dashboards and Templates, REST API
Deployment In-line Overlay, One-armed Overlay, Edge Gateway, Cloud
High Availability Parallel Inline HA, Fail-to-Wire HA, One-Arm HA, VRRP, Geo-Redundant HA
Layer 2 VLAN (802.1Q), Bridging, SVI, PPPoE
Link Management Transport Agnostic, Bi-Directional Link Monitoring, Link Bonding, Metered Links, StandBy Links, Link of Last-Resort
Manageability SD-WAN Cloud Orchestrator, On-Prem SD-WAN Center, SD-WAN Center in AWS and Azure, CLI, SNMP V3, DHCP Server/Relay/Client, DNS Forwarder, Syslog, NetFlow, IPFIX, REST API
Mobile Broadband 3G/4G/LTE, Zero Touch Deployment over LTE, Authentication Types – PAP/ CHAP/ PAPCHAP, SIM lock/unlock,  Support for Antenna Extenders
Network Encryption

128 bit AES, 256 bit AES, IPsec

QoS Scheduling, Shaping, Classification, Remarking, HDX AutoQoS
Routing eBGP, iBGP, OSPF, Static, Multicast
SaaS/IaaS Optimized O365 Breakout, AWS, Azure
Security – Cloud Zscaler, Palo Alto Global Protect Cloud Service (GPCS)
Security – On-premises L4-7 Application Firewall, NAT, Secure Web Gateway Connectivity, FIPS Compliant
Tunnel Interfaces GRE, IPSec, Citrix Virtual Path

3 Total throughput refers to total amount of bandwidth that the appliance model is licensed for, both upstream and downstream, and is based on AES-128 encryption.

Back to Premium Edition appliances

Appliance 5100 WANOP 4100 WANOP
Model 5100-1500-WO 5200-2000-WO 4100-310-WO 4100-500-WO 4100-1000-WO
Optimized WAN capacity8,9 1.5 Gbps 2 Gbps
310 Mbps
500 Mbps
1 Gbps
QoS/unaccelerated bandwidth limit 2 Gbps 4 Gbps 500 Mbps 1 Gbps 2 Gbps
Maximum HDX CCUs 3,500 5,000 750 1,200 2,500
Maximum Accelerated TCP sessions11
120,000 160,000 40,000 60,000 120,000
Concurrent Citrix SD-WAN client plug-ins
3,600 4,800 1,100 1,800 3,600
Video caching            
WCCP clustering  
Networking Cloud Connector
Group Mode          
Appliance   3000 WANOP   2000 WANOP
Model 3000-050-WO  3000-100-WO  3000-155-WO 2000-010 2000-020
2000-050
Optimized WAN capacity8,9 50 Mbps 100 Mbps 155 Mbps 10 Mbps
20 Mbps
50 Mbps
QoS/unaccelerated bandwidth limit 500 Mbps 500 Mbps 500 Mbps 200 Mbps
200 Mbps 200 Mbps
Maximum HDX CCus10 300 400 500 100 200 300
Maximum Accelerated TCP sessions11 50,000 50,000 50,000 20,000 20,000 20,000
Concurrent Citrix SD-WAN client plug-ins 750 1,000 1,200 100
200 750
Video caching
WCCP clustering
Networking Cloud Connector            
Group mode
Appliance 1000 WANOP 800 WANOP
Model 1000-006-WO  1000-010-WO 1000-020-WO 800-002 800-006 800-010
Optimized WAN capacity8,9 6 Mbps 10 Mbps 20 Mbps 2 Mbps
6 Mbps
10 Mbps
QoS/unaccelerated bandwidth limit 50 Mbps 50 Mbps 50 Mbps 50 Mbps
50 Mbps 50 Mbps
Maximum HDX CCus10 60 100 200 20 60 100
Maximum Accelerated TCP sessions11 10,000 10,000 10,000 10,000 10,000 10,000
Concurrent Citrix SD-WAN client plug-ins            
Video caching
WCCP clustering
Networking Cloud Connector            
Group mode
Appliance VPX
Model VPX 2-WO VPX 6-WO
VPX 10-WO
VPX 20-WO
VPX 50-WO
VPX 100-WO
VPX 200-WO
Optimized WAN capacity16,17
2 Mbps 6 Mbps 10 Mbps 20 Mbps
50 Mbps 100 Mbps 200 Mbps
QoS/unaccelerated bandwidth limit 15 Mbps 50 Mbps 75 Mbps 150 Mbps 250 Mbps 250 Mbps 300 Mbps
Maximum HDX CCUs18
20 60 100 200 300 400 500
Total TCP sessions19 5,000 5,000 5,000 10,000 10,000 20,000 30,000
Concurrent Citrix SD-WAN client plug-ins
20 60 100 200 300 400 500
Video caching    
WCCP clustering        
Networking Cloud Connector20
Group mode
             
Hypervisor XenServer 5.5 - 6.2 , Hyper-V 2008R2SP1 - 2012 , ESX/ESXi 4.1-6.0
Processor Dual core (quad core recommended) Intel VTx or AMD-V 64-bit x86
Memory 6 GB 6 GB 6 GB 6 GB 6 GB 8 GB 16 GB
Virtual CPU 1 x Citrix Hypervisor
& 2 x Vmware
vSphere
(>2.33GHz)
2-4 x Citrix Hypervisor,Hyper-V & VMware vSphere (>2.33GHz) 2-4 x Citrix Hypervisor,
Hyper-V &
VMWare vSphere
(~3.0GHz)
Hard drive22
100
GB
100 GB 250 GB
250
GB
250
GB
500
GB
500
GB
Network interface 2 virtual NIC's

4, 8, 16 Only outbound WAN traffic is counted against the licensed bandwidth (Mbps or Gbps purchased). QoS and / or unaccelerated traffic do not count against the licensed bandwidth. Unaccelerated and QoS traffic can, however, impact the total amount of outbound accelerated traffic.

5, 9, 17 Some protocols (for example ICA) can limit the processing capacity of the appliance before the licensed bandwidth is reached.

14 User count is based upon a medium level workload as defined by Login VSI and Citrix Virtual Apps and Desktops / Citrix Virtual Apps advanced encryption security. User count is limited by link bandwidth and TCP session counts. No user count is enforced. Published numbers are for guidance purposes only.

15 TCP session count will be reduced by active HDX sessions. No session count is enforced. Published numbers are for guidance purposes.

16 Only outbound WAN traffic is counted against the licensed bandwidth (Mbps or Gbps purchased). QoS and / or unaccelerated traffic do not count against the licensed bandwidth. Unaccelerated and QoS traffic can, however, impact the total amount of outbound accelerated traffic.

17 Some protocols (for example ICA) can limit the processing capacity of the appliance before the licensed bandwidth is reached.

18 User count is based upon a medium level workload as defined by Login VSI and Citrix Virtual Apps and Desktops / Citrix Virtual Apps advanced encryption security. User count is limited by link bandwidth and TCP session counts. No user count is enforced. Published numbers are for guidance purposes only.

19 TCP session count will be reduced by active HDX sessions. No session count is enforced. Published numbers are for guidance purposes.

20 For Citrix SD-WAN appliances, the Networking Cloud Connector is delivered as a separate software appliance.

21 The VPX images are qualified to run on Intel processors only.

22 For best performance, use solid state drives or high IOPs storage devices.

26210-LTE-RC: EMC Certifications include CCC, NAL, SRRC – FCC (Part 15 Class A), CE, CITC, EAC, ENACOM, IFT 210-LTE-R2: EMC certifications include – FCC (Part 15 Class A), CE, Anatel, BIS, BSMI, CITC, EAC, ICASA, MIC, NTC, RAA, RCM

Back to WANOP Edition

Next step

Schedule a 1:1 expert-led demo