Citrix SD-WAN is a next-generation WAN Edge solution that simplifies digital transformation for enterprises. It offers comprehensive security, the best application experience for SaaS, cloud, and virtual apps and desktops, and cloud choice with automation to ensure an always-on workspace.
Citrix SD-WAN includes an industry-leading Application Control Engine with deep packet inspection enabling detection, classification, and acceleration of over 4,500 SaaS, cloud, and virtual applications and sub applications. Enjoy the freedom of deployment on your choice of public cloud or in conjunction with SaaS applications. With Citrix SD-WAN, you can deliver the best application experience through real-time, packet-based path selection and bi-directional QoS. And ensure an always-on workspace with the highest network resiliency through sub-second failover.
Citrix SD-WAN provides an alternative to the legacy edge router, enabling a simpler branch network with lower infrastructure and support costs. Multiple overlay routed networks can be software defined, with separate policies and security rules applied to each. With dynamic routing, Citrix SD-WAN provides easy network insertion through either inline or edge routed modes for a streamlined branch network with assured application delivery.
Citrix SD-WAN creates a reliable WAN from diverse network links, including MPLS, broadband, and 4G/LTE, continuously measuring and monitoring each link in real time for loss, latency, jitter and congestion. Link outages and errors are mitigated by Citrix SD-WAN’s intelligent load balancing to match applications to optimal WAN links, resulting in reliable performance. Selective packet replication for real-time and other latency-sensitive applications ensures consistent experience.
Citrix SD-WAN brings strong data and app protection to the network with a built-in, comprehensive security stack that enables adoption of local internet breakout and protect branch to branch propagation of threats. The edge security stack provides web filtering, IDS/IPS and malware protection to guard against threats without compromising performance. Simplify deployment, management and monitoring through a cloud-managed single pane of glass to ease policy creation centrally. Citrix SD-WAN also provides strong encryption using HTTPS/TLS and AES 256 to provide security across the control and data planes. And optional, next-generation firewall capabilities can be added as a virtualized network function (VNF) on select SD-WAN appliances. Automate the creation of IPsec tunnels from the branch to Zscaler Secure Internet Gateway or Palo Alto Networks Prisma Access to simplify operations.
Citrix SD-WAN Cloud Direct service enables resilient, high performance access from SD-WAN sites to over 1,000 of SaaS and UCaaS platforms and 150 major network and cloud exchanges. This turnkey service deploys in minutes and provides centralized management with real-time visibility. Citrix SD-WAN Cloud Direct service intelligently load balances and QoS optimizes up to four Internet links into redundant carrier-grade points-of-presence (PoPs), with “hit-less” failover which mitigates internet circuit outages—even those difficult-to-detect brown-out conditions—without disrupting any applications.
Citrix SD-WAN improves application experience while reducing bandwidth expenses with features such as TCP optimization, compression, data de-duplication, and protocol optimization.
Citrix SD-WAN Orchestrator, a SaaS-based provisioning and management solution, enables customers and partners to centrally manage and monitor users, permissions, applications, and WAN links for control and visibility across the entire network, and to optimize the quality of experience for applications. Quickly and easily deploy new sites on the network with zero touch deployment. Simplify the time and effort to set up new locations with automated setup of cloud services, security, and applications. Automate the setup of cloud services, security, and applications.
Appliance | 4100 SE |
2100 SE | ||||
---|---|---|---|---|---|---|
Model | 4100-2000-SE | 4100-3000-SE | 2100-0300-SE | 2100-0500-SE | 2100-01000-SE | 2100-2000-SE |
Total throughput3 | 4 Gbps | 6 Gbps | 600 Mbps | 1 Gbps | 2 Gbps | 4 Gbps |
Max virtual paths (static/dynamic) |
550/32 | 550/32 | 256/32 | 256/32 | 256/32 | 256/32 |
Appliance | 1100 SE | ||
---|---|---|---|
Model | 1100-200-SE | 1100-300-SE |
1100-500-SE |
Total throughput3 | 400 Mbps | 600 Mbps |
1 Gbps |
Max virtual paths (static/dynamic) | 64/32 | 64/32 | 64/32 |
Appliance | 210/210 LTE SE (R1/R2/RC) |
||||
---|---|---|---|---|---|
Model | 210-020-SE | 210-050-SE | 210-100-SE | 210-200-SE | 210-300-SE |
Total throughput3 | 40 Mbps | 100 Mbps | 200 Mbps | 400 Mbps | 600 Mbps |
Max virtual paths (static/dynamic) | 16/4 | 16/4 | 16/4 | 16/4 | 16/4 |
Appliance | 110 SE/110 LTE WiFi SE, 110 LTE Wi-Fi SE |
|||
---|---|---|---|---|
Model | 110-20-SE | 110-50-SE | 110-100-SE | 110-20-SE |
Total throughput3 | 40 Mbps | 100 Mbps | 200 Mbps | 400 Mbps |
Max virtual paths (static/dynamic) | 8/4 | 8/4 | 8/4 | 8/4 |
Appliance | VPX SE | |||||
---|---|---|---|---|---|---|
Model | VPX-020-SE | VPX-050-SE | VPX-100-SE | VPX-200-SE | VPX-500-SE | VPX-1000-SE |
Total throughput3 | 40 Mbps | 100 Mbps | 200 Mbps | 400 Mbps | 1 Gbps | 2 Gbps |
Maximum virtual paths | 8 | 16 | 16 | 16 | 16 | 16 |
Hypervisor | Citrix Hypervisor, VMWare, HyperV, KVM | |||||
Clouds1 | AWS, Azure, Google Cloud Platform |
Appliance | VPX-L SE | ||||||
---|---|---|---|---|---|---|---|
Model | VPX-L-020-SE | VPX-L-050-SE | VPX-L-100-SE | VPX-L-200-SE | VPX-L-500-SE | VPX-L-1000-SE | VPX-L 1500-SE |
Total throughput3 | 40 Mbps | 100 Mbps | 200 Mbps | 400 Mbps | 1 Gbps | 2 Gbps | 3 Gbps |
Maximum virtual paths | 128 | 128 | 128 | 128 | 128 | 128 | 128 |
Hypervisor | Citrix Hypervisor, VMWare, HyperV, KVM | ||||||
Clouds1 | AWS, Azure, Google Cloud Platform |
Software Features |
|
---|---|
Application Performance | Per Packet/App Steering, Packet Duplication, Packet Retransmissions, Dual-ended QoS, Application QoE, Per App Business Policies for over 4000 apps, Citrix HDX/ICA Integration |
Authentication | Local Database, RADIUS, TACACS+ |
Cloud WAN | Azure Virtual WAN, Teridion |
Configuration | Zero Touch Deployment Service, GUI, Customizable Dashboards and Templates, REST API |
Deployment | In-line Overlay, One-armed Overlay, Edge Gateway, Cloud |
High Availability | Parallel Inline HA, Fail-to-Wire HA, One-Arm HA, VRRP, Geo-Redundant HA |
Layer 2 | VLAN (802.1Q), Bridging, SVI, PPPoE |
Link Management | Transport Agnostic, Bi-Directional Link Monitoring, Link Bonding, Metered Links, StandBy Links, Link of Last-Resort |
Manageability | SD-WAN Cloud Orchestrator, On-Prem SD-WAN Center, SD-WAN Center in AWS and Azure, CLI, SNMP V3, DHCP Server/Relay/Client, DNS Forwarder, Syslog, NetFlow, IPFIX, REST API |
Mobile Broadband | 3G/4G/LTE, Zero Touch Deployment over LTE, Authentication Types – PAP/ CHAP/ PAPCHAP, SIM lock/unlock, Support for Antenna Extenders |
Network Encryption | 128 bit AES, 256 bit AES, IPsec |
QoS | Scheduling, Shaping, Classification, Remarking, HDX AutoQoS |
Routing | eBGP, iBGP, OSPF, Static, Multicast |
SaaS/IaaS | Optimized O365 Breakout, AWS, Azure |
Security – Cloud | Zscaler, Palo Alto Global Protect Cloud Service (GPCS) |
Security – On-premises | L4-7 Application Firewall, NAT, Secure Web Gateway Connectivity, FIPS Compliant |
Tunnel Interfaces | GRE, IPSec, Citrix Virtual Path |
1 Cloud server types are the minimum recommended server size to support the listed performance numbers for each model.
3 Total throughput refers to total amount of bandwidth that the appliance model is licensed for, both upstream and downstream, and is based on AES-128 encryption.
Appliance | 1100 AE | ||
---|---|---|---|
Model | 11000-200-AE | 1100-300-AE | 1100-500-AE |
Total encrypted throughput1 | 400 Mbps | 600 Mbps | 1000 Mbps |
Max virtual paths (static/dynamic) | 64/32 |
64/32 |
64/32 |
Max virtual path throughput with Edge security | 300 Mbps | 400 Mbps | 600 Mbps |
Edge security throughput8 | 50 Mbps | 100 Mbps | 200 Mbps |
IPS throughput9 | 50 Mbps | 100 Mbps | 200 Mbps |
NGFW throughput10 | 50 Mbps | 100 Mbps | 100 Mbps |
Concurrent sessions | 30,000 | 30,000 | 30,000 |
Appliance | 210/210 LTE AE | |
---|---|---|
Model | 210-020-AE | 210-050-AE |
Total encrypted throughput | 40 Mbps | 100 Mbps |
Max virtual paths (static/dynamic) | 16/4 |
16/4 |
Max virtual path throughput with Edge security | 40 Mbps | 60 Mbps |
Edge security throughput | 20 Mbps | 20 Mbps |
IPS throughput | 20 Mbps | 20 Mbps |
NGFW throughput | 20 Mbps | 20 Mbps |
Concurrent sessions | 4,400 | 4,400 |
1Total encrypted throughput refers to total amount of bandwidth that the appliance model is licensed for, both upstream and downstream, and is based on AES-128 encryption.
8Edge security throughput to refers to total amount of NGFW bandwidth that the appliance model can be licensed for.
9Total throughput measured with IPS enabled.
10Total NGFW throughput measured with Firewall, IPS URL-Filtering, and Anti-malware enabled.
Appliance | 1100-PE |
||
---|---|---|---|
Model | 1100-200-PE | 1100-300-PE |
1100-500-PE |
Total encrypted throughput3 | 400 Mbps | 600 Mbps | 1 Gbps |
Maximum virtual paths (static/dynamic) |
64/32 |
64/32 | 64/32 |
Optimized WAN capacity4.5 |
10 Mbps | 20 Mbps | 50 Mbps |
Maximum HDX CCUs6 |
100 | 300 | 300 |
Maximum Accelerated TCP sessions7 |
10,000 | 10,000 | 10,000 |
Software Features |
|
---|---|
Application Performance | Per Packet/App Steering, Packet Duplication, Packet Retransmissions, Dual-ended QoS, Application QoE, Per App Business Policies for over 4000 apps, Citrix HDX/ICA Integration |
Authentication | Local Database, RADIUS, TACACS+ |
Cloud WAN | Azure Virtual WAN, Teridion |
Configuration | Zero Touch Deployment Service, GUI, Customizable Dashboards and Templates, REST API |
Deployment | In-line Overlay, One-armed Overlay, Edge Gateway, Cloud |
High Availability | Parallel Inline HA, Fail-to-Wire HA, One-Arm HA, VRRP, Geo-Redundant HA |
Layer 2 | VLAN (802.1Q), Bridging, SVI, PPPoE |
Link Management | Transport Agnostic, Bi-Directional Link Monitoring, Link Bonding, Metered Links, StandBy Links, Link of Last-Resort |
Manageability | SD-WAN Cloud Orchestrator, On-Prem SD-WAN Center, SD-WAN Center in AWS and Azure, CLI, SNMP V3, DHCP Server/Relay/Client, DNS Forwarder, Syslog, NetFlow, IPFIX, REST API |
Mobile Broadband | 3G/4G/LTE, Zero Touch Deployment over LTE, Authentication Types – PAP/ CHAP/ PAPCHAP, SIM lock/unlock, Support for Antenna Extenders |
Network Encryption | 128 bit AES, 256 bit AES, IPsec |
QoS | Scheduling, Shaping, Classification, Remarking, HDX AutoQoS |
Routing | eBGP, iBGP, OSPF, Static, Multicast |
SaaS/IaaS | Optimized O365 Breakout, AWS, Azure |
Security – Cloud | Zscaler, Palo Alto Global Protect Cloud Service (GPCS) |
Security – On-premises | L4-7 Application Firewall, NAT, Secure Web Gateway Connectivity, FIPS Compliant |
Tunnel Interfaces | GRE, IPSec, Citrix Virtual Path |
3 Total throughput refers to total amount of bandwidth that the appliance model is licensed for, both upstream and downstream, and is based on AES-128 encryption.
Appliance | 3000 WANOP | 2000 WANOP | |||||
---|---|---|---|---|---|---|---|
Model | 3000-050-WO | 3000-100-WO | 3000-155-WO | 2000-010 | 2000-020 |
2000-050 |
|
Optimized WAN capacity8,9 | 50 Mbps | 100 Mbps | 155 Mbps | 10 Mbps |
20 Mbps |
50 Mbps | |
QoS/unaccelerated bandwidth limit | 500 Mbps | 500 Mbps | 500 Mbps | 200 Mbps |
200 Mbps | 200 Mbps | |
Maximum HDX CCus10 | 300 | 400 | 500 | 100 | 200 | 300 | |
Maximum Accelerated TCP sessions11 | 50,000 | 50,000 | 50,000 | 20,000 | 20,000 | 20,000 | |
Concurrent Citrix SD-WAN client plug-ins | 750 | 1,000 | 1,200 | 100 |
200 | 750 | |
Video caching | |||||||
WCCP clustering | |||||||
Networking Cloud Connector | |||||||
Group mode |
Appliance | 1000 WANOP | 800 WANOP | ||||
---|---|---|---|---|---|---|
Model | 1000-006-WO | 1000-010-WO | 1000-020-WO | 800-002 | 800-006 | 800-010 |
Optimized WAN capacity8,9 | 6 Mbps | 10 Mbps | 20 Mbps | 2 Mbps |
6 Mbps |
10 Mbps |
QoS/unaccelerated bandwidth limit | 50 Mbps | 50 Mbps | 50 Mbps | 50 Mbps |
50 Mbps | 50 Mbps |
Maximum HDX CCus10 | 60 | 100 | 200 | 20 | 60 | 100 |
Maximum Accelerated TCP sessions11 | 10,000 | 10,000 | 10,000 | 10,000 | 10,000 | 10,000 |
Concurrent Citrix SD-WAN client plug-ins | ||||||
Video caching | ||||||
WCCP clustering | ||||||
Networking Cloud Connector | ||||||
Group mode |
Appliance | VPX | ||||||
---|---|---|---|---|---|---|---|
Model | VPX 2-WO | VPX 6-WO |
VPX 10-WO |
VPX 20-WO |
VPX 50-WO |
VPX 100-WO |
VPX 200-WO |
Optimized WAN capacity16,17 |
2 Mbps | 6 Mbps | 10 Mbps | 20 Mbps |
50 Mbps | 100 Mbps | 200 Mbps |
QoS/unaccelerated bandwidth limit | 15 Mbps | 50 Mbps | 75 Mbps | 150 Mbps | 250 Mbps | 250 Mbps | 300 Mbps |
Maximum HDX CCUs18 |
20 | 60 | 100 | 200 | 300 | 400 | 500 |
Total TCP sessions19 | 5,000 | 5,000 | 5,000 | 10,000 | 10,000 | 20,000 | 30,000 |
Concurrent Citrix SD-WAN client plug-ins |
20 | 60 | 100 | 200 | 300 | 400 | 500 |
Video caching | |||||||
WCCP clustering | |||||||
Networking Cloud Connector20 |
|||||||
Group mode |
|||||||
Hypervisor | XenServer 5.5 - 6.2 , Hyper-V 2008R2SP1 - 2012 , ESX/ESXi 4.1-6.0 | ||||||
Processor | Dual core (quad core recommended) Intel VTx or AMD-V 64-bit x86 | ||||||
Memory | 6 GB | 6 GB | 6 GB | 6 GB | 6 GB | 8 GB | 16 GB |
Virtual CPU | 1 x Citrix Hypervisor & 2 x Vmware vSphere (>2.33GHz) |
2-4 x Citrix Hypervisor,Hyper-V & VMware vSphere (>2.33GHz) | 2-4 x Citrix Hypervisor, Hyper-V & VMWare vSphere (~3.0GHz) |
||||
Hard drive22 |
100 GB |
100 GB | 250 GB |
250 GB |
250 GB |
500 GB |
500 GB |
Network interface | 2 virtual NIC's |
4, 8, 16 Only outbound WAN traffic is counted against the licensed bandwidth (Mbps or Gbps purchased). QoS and / or unaccelerated traffic do not count against the licensed bandwidth. Unaccelerated and QoS traffic can, however, impact the total amount of outbound accelerated traffic.
5, 9, 17 Some protocols (for example ICA) can limit the processing capacity of the appliance before the licensed bandwidth is reached.
14 User count is based upon a medium level workload as defined by Login VSI and Citrix Virtual Apps and Desktops / Citrix Virtual Apps advanced encryption security. User count is limited by link bandwidth and TCP session counts. No user count is enforced. Published numbers are for guidance purposes only.
15 TCP session count will be reduced by active HDX sessions. No session count is enforced. Published numbers are for guidance purposes.
16 Only outbound WAN traffic is counted against the licensed bandwidth (Mbps or Gbps purchased). QoS and / or unaccelerated traffic do not count against the licensed bandwidth. Unaccelerated and QoS traffic can, however, impact the total amount of outbound accelerated traffic.
17 Some protocols (for example ICA) can limit the processing capacity of the appliance before the licensed bandwidth is reached.
18 User count is based upon a medium level workload as defined by Login VSI and Citrix Virtual Apps and Desktops / Citrix Virtual Apps advanced encryption security. User count is limited by link bandwidth and TCP session counts. No user count is enforced. Published numbers are for guidance purposes only.
19 TCP session count will be reduced by active HDX sessions. No session count is enforced. Published numbers are for guidance purposes.
20 For Citrix SD-WAN appliances, the Networking Cloud Connector is delivered as a separate software appliance.
21 The VPX images are qualified to run on Intel processors only.
22 For best performance, use solid state drives or high IOPs storage devices.
26210-LTE-RC: EMC Certifications include CCC, NAL, SRRC – FCC (Part 15 Class A), CE, CITC, EAC, ENACOM, IFT 210-LTE-R2: EMC certifications include – FCC (Part 15 Class A), CE, Anatel, BIS, BSMI, CITC, EAC, ICASA, MIC, NTC, RAA, RCM
Schedule a 1:1 expert-led demo