Cisco Catalyst SD-WAN Policy Groups Configuration Guide, Releases 26.x and Later

Feature history for NGFW

This section provides the feature history for security policy using policy groups.


Table 1. Feature history

Feature Name

Release Information

Description

Security Policy Using Policy Groups

Cisco IOS XE Catalyst SD-WAN Release 17.12.1a

Cisco Catalyst SD-WAN Manager Release 20.12.1

This feature provides a simple, reusable, and structured approach for configuring security policies in Cisco Catalyst SD-WAN. You can create a security policy, that is, a logical grouping of policies that is applied to one or more sites or a single device at a site in the network. To deploy the policy group to devices, the devices must be managed by a configuration group in Cisco Catalyst SD-WAN.

The Deploy Policy Group workflow provides a guided method to choose previously created policy groups and deploy them to sites or a single device at a site that is managed by configuration groups.

Add Source Interface for High-Speed Logging and External Syslog

Cisco IOS XE Catalyst SD-WAN Release 17.16.1a

Cisco Catalyst SD-WAN Manager Release 20.16.1

This enhancement for security logging allows you to specify the following in the additional settings of the security policy:

  • Source interfaces for high-speed logging (HSL) servers (up to four)

  • Source interface for the external syslog server

Enhancements to Security Policy Using Policy Groups

Cisco IOS XE Catalyst SD-WAN Release 17.15.2

Cisco Catalyst SD-WAN Manager Release 20.15.2

Cisco IOS XE Catalyst SD-WAN Release 17.16.1a

Cisco Catalyst SD-WAN Manager Release 20.16.1

The following enhancements are introduced with this release:

  • Embedded Security is called NGFW in Cisco SD-WAN Manager.

  • Create copies of security policy and sub-policy.

  • View all configured rules for specific policies in the NGFW policy dashboard.

  • For each rule, the Clone rule, Add rule on top, and Add rule below options are added.

Version Management for Security Policy

Cisco Catalyst SD-WAN Manager Release 20.18.1

With this feature, you can track and manage changes to your security policies using the version history.

IPv6 Rule and Rule Set Support in Security Policies

Cisco IOS XE Catalyst SD-WAN Release 17.18.2

Cisco Catalyst SD-WAN Manager Release 20.18.2

You can configure IPv6 data prefix lists, rules with rule sets, and object groups in a security policy using Cisco SD-WAN Manager.

Enhancements for NGFW in Policy Groups

Cisco IOS XE Catalyst SD-WAN Release 26.1.1

Cisco Catalyst SD-WAN Manager Release 26.1.1.1

The following enhancements are introduced with this release:

  • Import and export of the firewall policies.

  • Display rule hit count.

  • Drag and drop rules in a policy to update the priority.

  • Display policy and object usage reference in the NGFW policy dashboard.

  • Rule and policy name retention in the running CLI configuration.

Increase in FQDN Scale

Cisco IOS XE Catalyst SD-WAN Release 26.1.1

Cisco Catalyst SD-WAN Manager Release 26.1.1.1

With this feature, the number of FQDN entries is increased to 256.