Cisco SD-WAN Solution Overview

Updated: June 6, 2023



The continued evolution of IT infrastructure and the shift towards multicloud application strategies have created unprecedented levels of network complexity. The traditional WAN architecture is not equipped to handle the scale and diversity of modern networks, leaving organizations struggling to manage their networks effectively and provide the reliable, secure connectivity that users demand.

The challenges of network complexity are multifaceted. The proliferation of cloud applications has led to a distributed and fragmented network environment, making it difficult to ensure consistent performance and security across all locations. Additionally, the increasing number of devices and users, along with the rise of remote and hybrid work models, has further complicated the network landscape.

These challenges have highlighted the need for a transformation of network infrastructure. IT teams must simplify their network environment and ensure secure, reliable connectivity across all locations. They require a solution that can adapt to changing network requirements and provide real-time visibility into network performance and security.

That's where Cisco Catalyst SD-WAN comes in. By leveraging advanced networking and security capabilities, Cisco Catalyst SD-WAN enables organizations to manage their multicloud network environment with ease, simplify their operations, and optimize application performance across their distributed workforce.


Cisco Catalyst SD-WAN connects any user to any application with integrated capabilities for multicloud, security, predictive operations, and enhanced network visibility, all on a SASE-enabled architecture. Cisco Catalyst SD-WAN enables you to transform your IT infrastructure by delivering network connectivity that is cloud-agnostic, efficient, and simpler to manage, while lowering operational costs and increasing control and visibility across the entire digital service delivery chain.

Cisco vManage provides a highly visualized dashboard that simplifies network operations. It provides centralized configuration, management, operation, and monitoring across the entire SD-WAN fabric.

Cisco Catalyst SD-WAN offers integrated security, including full-stack multilayer security capabilities on the premises and in the cloud. This integrated security provides real-time threat protection where and when it is needed — for branches connecting to multiple Software-as-a-Service (SaaS) or IaaS clouds, data centers, or the internet, further accelerating the transition to a SASE-enabled architecture. Cisco Catalyst SD-WAN is fully integrated with the cloud-delivered Cisco Umbrella, which offers protection against security blind spots and cyberthreats. The integration between Cisco Catalyst SD-WAN and Umbrella enables networking and security convergence capabilities that accelerate the transition to a SASE architecture in a secure and agile manner.


“As we expand our intent-based network, the Cisco Catalyst 8000 Edge Platforms check all the boxes for an agile SD-WAN solution that can deliver the performance, security, and visibility needed to deliver these real-time connected experiences.”

Ed Vanderpool,

IT Technical Manager, Adventist Health

Using the Cisco vManage dashboard (Figure 1), you can quickly connect all company data centers, core and campus locations, branches, colocation facilities, cloud infrastructure, and remote workers. To enable this interconnection, Cisco Catalyst SD-WAN applies the Overlay Management Protocol (OMP) to your entire network. Cisco Catalyst SD-WAN simplifies IT operations with automated provisioning, unified policies, and streamlined management, making changes, updates, and resolutions in record time. You gain advanced network functionality, reliability, and security.

Figure 1. The Cisco vManage dashboard

Cisco provides a flexible architecture to extend SD-WAN to any environment (Figure 2). Whether you deploy your product in the cloud or on-premises, Cisco Catalyst SD-WAN automatically discovers, authenticates, and provisions both new and existing devices.

Figure 2. Benefits of the flexible Cisco Catalyst SD-WAN architecture

Multicloud choice and control

Businesses are using not just one cloud data center in their IT operations, but several clouds across IaaS, SaaS, and Platform as a Service (PaaS) (Figure 3). Connecting these workloads and applications together with the WAN and remote users is a challenge.

To help reduce this complexity, Cisco Catalyst SD-WAN provides the ability to connect any WAN location to multiple cloud platforms or any other enterprise site, increasing connection speeds and enhancing connection reliability. Cisco Catalyst SD-WAN Cloud OnRamp creates a WAN extension for your IaaS workloads, provides dynamic path selection for optimal SaaS application performance, consolidates branch office egress points into regional colocation facilities, and automates cloud-agnostic branch connectivity with cloud interconnect.

Monitoring underlay performance via the Cisco Catalyst SD-WAN dashboard, Cloud OnRamp automatically selects the fastest, most reliable path to the cloud infrastructure, no matter where your end users are located. In the event of network service interruptions beyond your control, Cloud OnRamp will adjust paths as necessary, helping ensure continuous uptime and predictable performance.

SD-WAN Cloud OnRamp for Multicloud

Cisco Catalyst SD-WAN makes connecting the company WAN to IaaS environments such as Amazon Web Services, Google Cloud, and Microsoft Azure simple, automated, and secure — as though the cloud databases themselves are part of the corporate network. In the Cisco Catalyst SD-WAN console, your network and operations teams can automate virtual private cloud connections to IaaS environments, extending the Cisco Catalyst SD-WAN OMP to the cloud. Cisco Catalyst SD-WAN applies automated connectivity requirements (loss, latency, and jitter) to find the optimal path to cloud IaaS applications, adjusting the IPsec route as needed to help ensure service delivery and performance while monitoring the hosting infrastructure for anomalies.

Figure 3. Cisco Catalyst SD-WAN Cloud OnRamp for IaaS, PaaS, and SaaS applications

Cisco Catalyst SD-WAN Cloud Hub

Cisco Catalyst SD-WAN Cloud Hub leverages SD-WAN to interconnect branch sites, on-premises data centers, and the cloud using a public cloud service provider’s backbone (such as AWS, Google Cloud, or Microsoft Azure) as an underlay. Cloud Hub reduces provisioning from months to minutes with site-to-cloud network automation as well as offering high availability and multiple points of presence across the world using a cloud service provider’s global infrastructure for site-to-site connectivity (Figure 4).

Figure 4. Cisco Catalyst SD-WAN Cloud Hub

SD-WAN Cloud OnRamp for SaaS

In addition to building application workloads in IaaS cloud environments, many companies today use SaaS applications for streamlined operations. As with IaaS, connectivity to these applications requires sharing resources with other customers on distant hardware. Fortunately, Cisco Catalyst SD-WAN Cloud OnRamp for SaaS makes connecting to and securing these SaaS environments simple.

Partnering with several SaaS providers, Cisco Catalyst SD-WAN Cloud OnRamp automatically selects the fastest, most reliable path to SaaS applications for your users (Figure 5), engaging in real-time traffic steering to deliver the best user experience no matter where they are located. Should an internet service issue cause connectivity that falls below your benchmarks, Cloud OnRamp finds the next best path to help ensure continued application performance. In fact, Cisco has partnered with over 14 leading SaaS vendors to deliver superior application performance compared to competing SD-WAN solutions. In addition, the solution automates best path selection for custom and standard NBAR (Network Based Application Recognition) applications, allowing enterprises to enable Cloud OnRamp for SaaS capabilities with the application of their choice.

Cisco Catalyst SD-WAN Cloud OnRamp for SaaS has taken communication, collaboration, and video capabilities to the next level with Webex. Cisco Catalyst SD-WAN segregates Webex traffic from generic internet traffic and routes it via the best path from a specific branch router to deliver a seamless, consistent, and high-quality user experience. The solution also allows you to enjoy up to 40 percent faster performance for Microsoft 365. Features such as informed network routing and URL categorization greatly streamline the customer experience, giving users deeper abilities to manage and route traffic within Microsoft 365 to improve speed, efficiency, and performance across the entire suite of applications.

Figure 5. Dynamic path selection in Cisco Catalyst SD-WAN Cloud OnRamp for SaaS

Cisco Catalyst SD-WAN Cloud Interconnect

Cisco Catalyst SD-WAN Cloud Interconnect (Figure 8) uses a cloud-agnostic backbone to connect from site to site and site to multiple clouds. This Cloud OnRamp solution automates on-demand connectivity between multiple sites and to the world’s leading cloud provider networks directly from your SD-WAN controller. Combined with a Software-Defined Cloud Interconnect (SDCI) partner, this solution delivers reliable network performance while decreasing operational costs and complexity. Cloud Interconnect provides a single, easy-to-use console to automate deployment of connections, reducing provisioning from weeks to minutes. SDCI partners like Equinix or Megaport provide secure, reliable connectivity using a global ecosystem and significantly reduce cloud data egress fees and network charges.

Figure 6. Cisco Catalyst SD-WAN Cloud Interconnect

SASE-ready, cloud-delivered security

As IT architectures change, the threat landscape continues to evolve with them. The digital transformation that has resulted in the adoption of multicloud access and the proliferation of applications and devices has also increased the attack surface and exposed organizations to new security vulnerabilities.

Securing these modern IT environments requires a fresh approach that is an alternative to a traditional centralized security stack in the data center. SASE unifies networking and security services into a cloud-delivered service to provide comprehensive integrated security. Cisco with our partners offers an unmatched breadth of assets and expertise in networking and security for both on-premises and cloud deployments.

Cisco Catalyst SD-WAN can deploy a complete security solution, either on-premises or with Cisco Umbrella cloud security. Enabling Direct Internet Access (DIA) with SD-WAN provides more efficient SaaS and internet connectivity but introduces security blind spots. Web-based attacks are a major source of threats. Cisco’s on-premises and cloud security provides strong protection against web-based attacks and delivers a complete set of features such as enterprise firewalls, a cloud access security broker, secure web gateways, malware protection, intrusion prevention system, URL filtering, and DNS-layer protection. Implement segmentation across the entire network to isolate and protect critical assets (Figure 9). By choosing Cisco Catalyst SD-WAN, you gain the ability to automate the right security in the right place, all from a single dashboard. It replaces the cost and complexity of multiple standalone point products with a cloud-delivered, fully integrated solution.

Figure 7. Cisco Catalyst SD-WAN built-in on-premises security or Cisco Umbrella cloud security

Whether you deploy your SD-WAN security on-premises or in the cloud, Cisco Catalyst SD-WAN uses real-time threat intelligence from Cisco Talos®, the industry’s leading threat intelligence group, to provide comprehensive, market-leading threat protection in real time. After a few simple clicks in the dashboard (Figure 10), Cisco Catalyst SD-WAN will harden your entire network from core to edge and cloud with security capabilities such as Cisco Secure Firewall, Cisco Umbrella Secure Internet Gateway, and Malware Defense. No other SD-WAN solution delivers this level of comprehensive routing and threat intelligence on a certified trustworthy infrastructure.

Only Cisco can deploy multilayered security across the network in an automated manner. As a result, end users — whether in the data center, in a branch, on the campus, or in a remote location — can enjoy protection from a multitude of security threats. Cisco Catalyst SD-WAN makes comprehensive network security simple, protecting your business against data exfiltration and insider threats.

“We’ve never had application visibility like this before. This added security protects our staff from the ever-present threats on the internet.”

Joel Marquez,

IT Director, Tamimi Markets

Analytics and insights

Applications and users are more distributed than ever, and the internet has become the new enterprise WAN. As SD-WAN has transformed to connect users across multicloud, branch, data centers, and a hybrid workforce, IT and network operation teams are constantly challenged to deliver reliable connectivity, application experience, and security over networks and services they don’t own or directly control.

In parallel, networks and devices generate a multitude of data points across thousands of sites, network paths, applications, and distributed users. It has become impossible to digest and make sense of this data. Time spent on the identification of issues and troubleshooting requires significant resources and further prolongs negative impacts on productivity.

Cisco Catalyst SD-WAN Analytics simplifies network operations by providing granular network insights, predictivity, and automation that not only heighten network integrity but also deliver optimal application experience. By liberating IT and network teams from complex network operations, Cisco Catalyst SD-WAN empowers IT and network operation teams to maximize productivity and improve operational efficiency and resiliency, ultimately accelerating digital transformation and innovation.

The Cisco Catalyst SD-WAN Analytics solution consists of the following applications:

Cisco vAnalytics

Cisco vAnalytics aggregates a large volume of telemetry data and correlates application performance with underlying networks for operational insights, in a highly visualized and simplified manner. vAnalytics enhances network visibility, establishes historical benchmarks, and expedites root-cause isolation, ultimately enabling enterprises to take the necessary corrective actions and total control of the user experience.

Figure 8. Cisco vAnalytics

Predictive Path Recommendations

Cisco’s Predictive Path Recommendations (PPR), powered by ThousandEyes WAN Insights, an integral component of Cisco Predictive Networks, delivers a predictive network solution that enables Cisco Catalyst SD-WAN customers to proactively improve the application experience for users. Leveraging advanced algorithms and predictive models, PPR determines the performance and policy compliance of the paths carrying the site application traffic. When performance is below historical benchmarks or SLA, PPR can make recommendations and automatically implement corrective actions before users are impacted. Predictive Path Recommendations is available today. The closed-loop automation feature is expected to be available in August 2023.

Figure 9. Predictive Path Recommendations

Cisco ThousandEyes

The integration of Cisco Catalyst SD-WAN and ThousandEyes brings end-to-end visibility into application delivery and network performance beyond the traditional enterprise network boundaries. This integration provides the only SD-WAN solution with turnkey ThousandEyes vantage points, delivering an optimal application experience over any network. Enterprises and other organizations can expedite the deployment of ThousandEyes agents through vManage integration to quickly pinpoint the source of issues, get to resolution faster, and manage the performance of what matters.

Figure 10. Cisco ThousandEyes

“Cisco Catalyst SD-WAN Security delivers simplicity and automation so that we can apply the right security controls where needed, when needed. We are very excited to bolster that solution with the Catalyst 8000 Edge Platform solution.”

Director of Product Management,

Riedel Networks


Benefits of the Cisco Catalyst SD-WAN Analytics solution

  • Optimize efficiency: Correlate raw telemetry sources, establish historical benchmarks, and provide operational insights, thereby transforming network operations from a reactive to a highly predictive model.

  • Optimize resiliency: Monitor network and application performance proactively, while validating implemented policies with business requirements to avoid performance issues before impacting users.

  • Optimize user experience: Enable a unified application experience your end users have come to expect, irrespective of their location and associated network environment.

  • Optimize operational sustainability: Establish a perpetual optimization cycle that achieves overall CapEx and OpEx efficiency. Predictive analytics improve network engineering that enables organizations to plan optimal capacity, thereby driving CapEx efficiency. OpEx efficiency is achieved by proactively preventing user-impacting issues, automating resolution, and reducing the overall troubleshooting cycles.

  • Optimize productivity: Create a proactive engagement model that allows network conditions that may otherwise have gone unnoticed to be addressed before reaching a noticeable level. A proactive operating model will ultimately free up resources and time that can shift to higher-level strategic and innovation priorities.

  • Optimize operations: Deliver strategic business outcomes to enterprise and service providers. Workforce challenges in the IT sector are not new with difficulties in finding the right talent to keep up with attrition and growth. Skill gaps grow greater each year as employers chase a smaller pool of highly skilled workers with expertise in cloud-native platforms, networking engineering, and security. Enhanced visibility, automation, and prediction can fill the gaps by standardizing operations and executing routine operational activities on a proactive basis.

Simplifying communications with integrated unified communications

Cisco Catalyst SD-WAN supports Unified Communications (UC) and SD-WAN within a single box (Figure 13). Unified communications integrate communication services, including voice, extension mobility and single number reach, instant messaging, presence information, and video conferencing, as well as other advanced features such as unified messaging with integrated voicemail, messaging, email, and faxing.

Figure 11. Integrated unified communications

Benefits of Cisco Catalyst SD-WAN unified communications and voice integration

Telephony integration

Cisco is the only vendor to natively integrate analog, digital, and IP telephony interfaces directly into its Customer Premises Equipment (CPE).

Reduced OpEx and CapEx

Having both UC and SD-WAN within a single CPE device means lower support and licensing costs and eliminates the cost of the UC hardware.

VoIP solution investment protection

Many customers have large deployments of IP phones and other VoIP solutions. Integration of UC and voice on Cisco edge devices helps ensure that investments in existing equipment can be leveraged, since they are supported in the cloud with Cisco Catalyst SD-WAN.

Reduced complexity

Cisco vManage can orchestrate scalable and consistent UC configurations across the entire enterprise via templates, and policies can prioritize specific application links, with fallback capability in case of link failure or degradation.

Telephony survivability

Prevent internal and external IP phone outages using Cisco Unified Survivable Remote Site Telephony (SRST), enabling the edge device as the fallback IP PBX with access to the Public Switched Telephone Network (PSTN).

Middle-mile optimization

Cisco is the only vendor extensively partnering with colocation and SDCI partners for optimization with cloud applications (Cisco Webex®, Unified Communications Manager Cloud, and more). Cisco’s Cloud OnRamp functionality provides optimal performance for UC applications hosted in a SaaS cloud.

Security and communication integrity

Cisco Catalyst SD-WAN also integrates best-in-class security with cloud-based Cisco Umbrella or Cisco’s on-premises security portfolio, thereby ensuring the security and integrity of your network and unified communications.

SD-WAN platforms

Cisco offers the widest selection of platforms and appliances so that you can deploy SD-WAN anywhere (Figure 14). These industry-leading edge platforms combine innovative cloud networking capabilities with multilayer security support, hardware-accelerated encryption, and robust port flexibility to offer flexible, secure cloud connectivity in SD-WAN that scales. With Cisco Catalyst SD-WAN, you can create the most comprehensive fabric possible, scaling your entire business into hybrid and multicloud environments with ease.

Figure 12. Cisco Catalyst SD-WAN platform capabilities


Edge locations are at the forefront of digital transformation. These locations vary widely, from branch offices to restaurants, sports stadiums, and more. They’re united in requiring reliable security, connectivity, and application storage for IoT. Deploy Cisco Catalyst SD-WAN on Catalyst 8500, 8300, and 8200 Series Edge Platforms or on Cisco 1100 Series Integrated Services Routers (ISRs) with a single image for Cisco IOS® XE. Cisco Catalyst SD-WAN can also be deployed on SD-Branch solutions such as the Catalyst 8200 Series Edge uCPE and Cisco UCS® E-Series platforms using Network Functions Virtualization (NFV). In addition, you can even extend Cisco Catalyst SD-WAN into adverse conditions, industrial facilities, vehicles, and factories with the Catalyst 1101, 1800, 8100, and 8300 industrial routers for mission-critical use cases. Catalyst industrial routers offer a ruggedized industrial form factor and simplified management with Cisco Catalyst SD-WAN on Cisco IOS XE.


Core locations are the backbone of any corporate WAN and include data centers and campuses. These locations have heavy traffic and require powerful aggregation throughput capabilities, resilient connectivity, and built-in security. Deploy Cisco Catalyst SD-WAN at the core with the Catalyst 8500 Series Edge Platforms to connect your core to the SD-WAN fabric.


Simplify WAN management with Cisco Catalyst SD-WAN Cloud OnRamp for Colocation. Deploy regional hub solutions on the Cisco Cloud Services Platform 5000, or connect SD-WAN with the Cisco Catalyst 8500 Series.


Cisco Catalyst SD-WAN extends control and connectivity to cloud environments such as Amazon Web Services, Google Cloud, and Microsoft Azure. Deploy Cisco Catalyst SD-WAN in cloud environments through the Cisco Catalyst 8000V Edge Software or the Cloud Services Router 1000V Series.


Cisco DNA Software for SD-WAN and Routing subscriptions are available in three subscription tiers. Subscriptions can be purchased either transactionally or as an enrollment in an Enterprise Agreement. Software licenses are portable across cloud and premises, are easy to upgrade across tiers, and include Software Support Service (SWSS) for the Cisco DNA Software stack.

Figure 13. Cisco DNA subscription tiers

Software tiers:

  • Cisco DNA Essentials for SD-WAN and Routing: Simplified management and security protection for the cost-conscious customer. Centralized, secure SD-WAN management for up to 4+1 VPNs. Optimized for cloud connectivity.

  • Cisco DNA Advantage for SD-WAN and Routing: Advanced SD-WAN with enhanced security for feature-rich and valued branch deployment models. Unlimited SD-WAN segmentation, plus network and application assurance using WAN optimization and real-time analytics.

  • Cisco DNA Premier for SD-WAN and Routing: Advanced SD-WAN security will mitigate the most sophisticated threats to your business. Cisco DNA Premier includes all the features of Cisco DNA Essentials and Advantage, plus adds Cisco Umbrella SIG Essentials licenses.

For a full list of features in Cisco DNA Software for SD-WAN and Routing, please see our Feature Matrix.

Figure 14. Cisco DNA licensing tiers

Why Cisco Catalyst SD-WAN

Cisco Catalyst SD-WAN helps organizations connect any user to any application, with integrated capabilities for multicloud, security, unified communications, and application optimization — all on a SASE-enabled architecture. It delivers the following key technology differentiators:

  • Optimized for multicloud

  • Goes beyond traditional SD-WAN

  • Integrated security

  • Flexible and scalable architecture

  • Integrated unified communications

  • Enhanced network visibility and predictivity with Cisco ThousandEyes, vAnalytics, and Predictive Path Recommendations (PPR)

  • Multigigabit capability

  • Robust and diversified platform

  • Operational simplicity


Cisco Services helps IT teams worldwide design, manage, and maintain some of the most sophisticated, secure, and intelligent platforms for digital business. Our innovation, expertise, and services quality, coupled with advanced analytics, automation, and security, help you bridge the talent gap, manage risk, deliver excellence, and stay ahead of the pace of change.

Getting started

There’s no question that businesses undergoing digital transformation are seeing their IT architectures change — and the challenges are enormous. Choose Cisco Catalyst SD-WAN for the latest in networking and security technology, built with the trust earned from a history of innovation. Visit today to learn more.

How to buy

To view buying options and speak with a Cisco sales representative, visit

