Kaspersky SD-WAN
Contents
Contents
What's new
Kaspersky SD-WAN has the following new and improved functionality:
- Integration with Kaspersky KSC/OSMP is supported (with some limitations; see Known limitations below).
- Improved CPE scaling to a cluster of controllers thanks to the Active-Active Multi-Master architecture.
- Added support for Policy-based Routing.
- Static DHCP reservation is supported.
- Connecting a CPE to the controller and orchestrator via a LAN port is now supported.
- Added BGP support for additional VRF tables.
- A CPE can be reset to default settings using a button (for KESR M1–M3 models).
- The graphical interface of the orchestrator has been improved by replacing modal windows with side panes.
- Improved Link State Control mechanism: the controller is asynchronously notified about failure or recovery of tunnel links.
- Firmware metadata now includes its type (OVS/SWOS).
- The controller/orchestrator connectivity status is indicated by an LED on the CPE panel (only for special device versions).
- Reservation of MAC address allocation for overlay interfaces.
- Added the OpenFlow packet prioritizing mechanism.
- The optimized view of tunnels between CPE and controllers now displays full information about links, including the NAT and WAN Disjoint topology attributes.
- The route metric for network interfaces with sdwan0–sdwan3 aliases is assigned automatically: the sdwan0 gets the highest priority, and sdwan3 gets the lowest priority. The Route metric value is blocked for manual editing for interfaces with sdwan0–sdwan9 aliases.
Known limitations
Kaspersky SD-WAN has the following limitations:
- Limitations when integrating the solution with Kaspersky KSC/OSMP:
- Available for new installations only
- SSH console is not supported
- VNC console is not supported
- Firewall rules do not work in user-created virtual routing and forwarding tables.
- When static routes are modified, the FRR daemon is restarted.
- NetFlow flows are not distributed across network interfaces.