Citrix SD-WAN data sheet

Citrix SD-WAN includes an industry-leading application control engine with deep packet inspection enabling detection, classification, and acceleration of over 4,500 SaaS, cloud, and virtual applications and sub applications. With Citrix SD-WAN, you can deliver the best application experience through real-time, packet-based path selection and bi-directional QoS.

Data is delivered on a per packet basis. Packet-based forwarding reorders packets to mitigate changing WAN conditions in order to best steer traffic. Packet duplication, or racing, ensures high application performance for real-time applications such as voice by duplicating a session’s traffic across multiple paths. This means that no packets are lost and, as the first of the duplicate pair to arrive is used, each packet takes the lowest latency route. This allows for optimal application performance for just a small cost in bandwidth.

Dual-ended QoS measures latency, packet loss and jitter at both the sending end and destination. Administrators configure QoS globally from a single source and senders only send at the peers advertised receive rate. Unidirectional local measurements are shared with peer devices in the network. All sites get their fair share of bandwidth preventing oversubscription and wasted utilization.

Citrix SD-WAN integrates Microsoft APIs and follows Microsoft’s Office 365 connectivity principles to optimize traffic and send it directly to Microsoft cloud front doors. SD-WAN steers Teams audio-video traffic to Azure for enhanced reliability and performance or directly to the closest Office 365 front door. Untrusted traffic can be steered to a datacenter security stack or cloud-based secure web gateway for enforcement.

Citrix SD-WAN improves the application experience while reducing bandwidth expenses with features such as TCP optimization, compression, data de-duplication, and protocol optimization.

By deploying SD-WAN virtual instances in Microsoft Azure, AWS and Google Cloud Platform clouds with SD-WAN appliances on-premises, customers get link bonding, packet-based real-time path selection, QoS, and resiliency in case of congestion or power outages with zero interruption on user experience. On AWS, SD-WAN eases connectivity to VPCs with AWS Transit Gateway Connect integration, extends hybrid-cloud to on-premises with Outposts, modernizes the WAN for the cloud, provides real-time monitoring and insights, and leverages a massive global footprint and native access to a broad and deep set of traditional and emerging IT resources.

Enterprise-grade private network (middle mile) for SaaS provides optimized high-performance connections from the local last mile networks to a network of geographically distributed PoPs that peer with SaaS clouds via dedicated paths.

Citrix SD-WAN acts as an 802.1x Wi-Fi secure access point boosting bandwidth and ensuring resiliency by leveraging broadband and combining it with LTE ideal for at-home workers. USB and dongle LTE options give your network fast performance and reliability. It’s certified for operation on Verizon’s 4G/LTE network along with a host of others.

Citrix SD-WAN Orchestrator, the cloud-hosted management tool, enables customers and partners to centrally manage and monitor the WAN for security, control and visibility across the entire network with an intent-based approach. Quickly and easily deploy new sites on the network remotely with zero touch deployment. Simplify the time and effort to set up new locations with automated setup of cloud services, security policies, and applications with profiles, templates and cloning.

A built-in ICSA certified stateful firewall and automatically connect to your choice of several cloud security platforms, including Zscaler, Palo Alto Networks Prisma Access or host NGFW VNFs like Palo Alto Networks VM-Series directly on the SD-WAN branch appliance.

Holistic edge security — designed to protect the WAN edge —is available on the Citrix SD-WAN branch appliance so you can leverage direct internet paths.

Integrated edge security features including signature-based IDS and IPS; web filtering; SSL inspection; and malware protection for HTTP, FTP and SMTP bring:

• More than 26,000 IDS/IPS signatures with automatic updates.
• Category based Web filter policies to block porn, gambling, videos, social networks, shopping sites or other undesirable or inappropriate content and applications from being accessed.
• Signature and heuristics-based malware protection against zero-day threats, viruses, worms, Trojan horses, botnets, unknown malware, and new infections.
• Malware scans, URL filtering on the full URL path rather than only the top-level domain, and user redirect to a custom block page for HTTPS traffic similar to that of HTTP traffic.