Kaspersky SD-WAN has the following new and improved functionality:
Integration with Kaspersky KSC/OSMP is supported (with some limitations; see Known limitations below).
Improved CPE scaling to a cluster of controllers thanks to the Active-Active Multi-Master architecture.
Added support for Policy-based Routing.
Static DHCP reservation is supported.
Connecting a CPE to the controller and orchestrator via a LAN port is now supported.
Added BGP support for additional VRF tables.
A CPE can be reset to default settings using a button (for KESR M1–M3 models).
The graphical interface of the orchestrator has been improved by replacing modal windows with side panes.
Improved Link State Control mechanism: the controller is asynchronously notified about failure or recovery of tunnel links.
Firmware metadata now includes its type (OVS/SWOS).
The controller/orchestrator connectivity status is indicated by an LED on the CPE panel (only for special device versions).
Reservation of MAC address allocation for overlay interfaces.
Added the OpenFlow packet prioritizing mechanism.
The optimized view of tunnels between CPE and controllers now displays full information about links, including the NAT and WAN Disjoint topology attributes.
The route metric for network interfaces with sdwan0–sdwan3 aliases is assigned automatically: the sdwan0 gets the highest priority, and sdwan3 gets the lowest priority. The Route metric value is blocked for manual editing for interfaces with sdwan0–sdwan9 aliases.
Known limitations
Kaspersky SD-WAN has the following limitations:
Limitations when integrating the solution with Kaspersky KSC/OSMP:
Available for new installations only
SSH console is not supported
VNC console is not supported
Firewall rules do not work in user-created virtual routing and forwarding tables.
When static routes are modified, the FRR daemon is restarted.
NetFlow flows are not distributed across network interfaces.