Feature | Description |
---|---|
Cisco vManage How-Tos for Cisco IOS XE SD-WAN Devices |
|
Flexible Tenant Placement on Multitenant Cisco vSmart Controllers |
With this feature, while onboarding a tenant to a multitenant deployment, you can choose the pair of multitenant Cisco vSmart Controllers that serve the tenant. After onboarding a tenant, you can migrate the tenant to a different pair of multitenant Cisco vSmart Controllers, if necessary. |
You can extend the SD-WAN fabric from the Interconnect gateway in Equinix into the AWS, Google Cloud and Microsoft Azure Cloud Service Providers. You can provision a secure private SD-WAN connection between an Interconnect Gateway and Cloud Service Providers through the Cloud onRamp workflows in Cisco vManage. |
|
You can extend the SD-WAN fabric from the Interconnect Gateway in Megaport into the AWS, Google Cloud and Microsoft Azure Cloud Service Providers. You can provision a secure private SD-WAN connection between an Interconnect Gateway and Cloud Service Providers through the Cloud onRamp workflows in Cisco vManage. |
|
License Management for Cisco SD-WAN Cloud Interconnect with Megaport |
To create Interconnect Gateways and Interconnect Connections in the Megaport fabric, you must purchase required licenses on Cisco Commerce workspace. With this feature, Cisco vManage operates together with Megaport to enable you to monitor your licenses while Cisco and Megaport jointly enforce the license requirements when you create Interconnect Gateways or Interconnect Connections. |
This feature lets you configure user-identity-based firewall policies for unified security policies. |
|
Horizontal Scaling of Cisco Catalyst 8000V Instances in a Cloud Gateway |
With this feature, you can deploy between two and eight Cisco Catalyst 8000V instances as part of a cloud gateway in a particular region. In earlier releases, you can deploy exactly two Cisco Catalyst 8000V instances as part of a cloud gateway, with each instance deployed in a different zone of a region. |
Decoupled Site-to-Site and Site-to-Cloud Connectivity Configuration for Cloud Gateways |
With this feature, you can configure some cloud gateways to support site-to-site and site-to-cloud connectivity, and other cloud gateways to support only site-to-cloud connectivity. This configuration flexibility is particularly beneficial in some Google Cloud regions that do not yet support site-to-site connectivity. In earlier releases, connectivity type is a global configuration. You configure all the cloud gateways to support site-to-site and site-to-cloud connectivity, or to support only site-to-cloud connectivity. |
Configure the Traffic Category and Service Area for Specific Policies |
You can now configure the traffic category and service area for specific policies using Cisco vManage. |
Enable Cloud OnRamp for SaaS Operation for Specific Applications at Specific Sites |
You can now configure AAR policy to enable Cloud OnRamp operation on specific applications at specific sites using Cisco vManage. |
You can now monitor the details of Microsoft 365 traffic processed by Cloud OnRamp for SaaS with better visibility. |
|
You can now choose whether Cloud OnRamp for SaaS should factor in the Microsoft telemetry data in the best path decision or not. |
|
With this feature, use the Secure Internet Gateway (SIG) feature template to provision automatic GRE tunnels to Zscaler SIGs. In earlier releases, the SIG template only supported the provisioning of automatic IPSec tunnels to Zscaler SIGs. |
|
With this feature, create a single global Cisco SIG Credentials template for each SIG provider (Cisco Umbrella or Zscaler). When you attach a Cisco SIG template to a device template, Cisco vManage automatically attaches the applicable global Cisco SIG Credentials template to the device template. |
|
Monitor security events related to automatic SIG tunnels using the Security Events pane on the page, and the Events dashboard on the page. Monitor automatic SIG tunnel status using the SIG Tunnel Status pane on the page, and the SIG Tunnels dashboard on the page. |
|
Tiered Transport Preference in Application-aware Routing and Data Policy |
This feature adds support for ranking of Application Aware Routing (AAR) preferred and backup preferred colors. You can configure up to three levels of priority based on the color or path preference on a Cisco IOS XE SD-WAN device. You can provide primary, secondary and tertiary priorities based on the color preference in Cisco vManage. |
When creating an application route policy or data policy, you can match traffic according to its destination region. The destination may be a device in the same primary region, the same secondary region, or neither of these. |
|
When configuring a centralized policy, you can create a preferred color group list, which specifies three levels of route preference, called primary, secondary and tertiary. The route preferences are based on TLOC color and, optionally, on the path type—direct tunnel, multi-hop path, or all paths. Path type is relevant to networks using Multi-Region Fabric. |
|
This feature lets you configure a Lawful Intercept in Cisco vManage. Cisco vManage and Cisco vSmart Controller provide LEA with key information so that they can decrypt the Cisco SD-WAN IPsec traffic captured by the MSP. |
|
This feature enables export spreading to prevent export storms that occur when a burst of packets is sent to an external collector. The export of the previous interval is spread during the current interval to prevent export storms. When Deep Packet Inspection (DPI) or NetFlow packets are sent over a low-bandwidth circuit, the export spreading functionality is enabled to avoid packet drops. |
|
Wireless Management on Cisco ISR 1000 Series Routers supporting WiFi 6 WLAN module |
This feature lets you configure wireless LAN settings on WiFi 6-capable Cisco 1000 Series Integrated Services Routers. |
You can create a network hierarchy in Cisco vManage to represent the geographical locations of your network. You can create a region, an area, and a site in a network hierarchy. In addition, you can assign a site ID and a region ID to a device. |
|
If you configure Cisco vManage to use a proxy server for internet access, Cisco vManage uses the proxy server to connect to Cisco SSM or an on-prem SSM. |
|
Support for Managing Licenses Using Cisco Smart Software Manager On-Prem |
Cisco vManage can synchronize device licenses using a Cisco SSM on-prem license server. This is useful for organizations that use Cisco SSM on-prem to accommodate a strict security policy that does not permit devices to communicate with Cisco SSM over a direct internet connection. |
Create Configuration Group Workflow for a Single-Router Site |
You can use the Create Configuration Group workflow to create a configuration group. This simplified workflow enables you to set up the WAN and LAN routing, in addition to the basic settings, at the time of creating a configuration group. |
Co-Management: Improved Granular Configuration Task Permissions |
To enable a user to self-manage specific configuration tasks, you can assign the user permissions to perform specific configuration tasks while excluding other tasks. This feature introduces numerous new permission options, enabling fine granularity in determining which configuration task permissions to provide to a user. |
You can configure route leaking and redistribute the leaked routes between the service VPNs at the same site using the Route Leak option in Cisco vManage. |
|
Upgrade the software of Cisco edge devices using a scheduler, which helps you schedule the upgrade process at your convenience. |
|
Added support for Cisco Enterprise NFV Infrastructure Software (NFVIS) and Cisco Catalyst Cellular Gateways. |
|
You can customize the Monitor Overview dashboard. You can specify which dashlets to view and sort them based on your personal preferences. |
|
You can view information about the health of devices and tunnels in the topology. |
|
This feature provides enhancements to the Network-Wide Path Insight feature, including the collection and display of insight information, trace-level insight information, path insight information, and detailed application trace information. |
|
This feature allows you to access Support Case Manager (SCM) wizard using Cisco vManage. You can create, view, or edit the support cases directly from Cisco vManage without having to go to a different Case Manager portal. |
|
This feature introduces a Config Diff option for audit logs of device templates and feature templates to view the configuration changes when a template is not attached to a device. |
|
Additional Real Time Monitoring Support for AppQoE and Other Configuration Options |
This feature adds support for real-time monitoring of AppQoE and other device configuration details in Cisco vManage. |
Feature | Description |
---|---|
Cisco vManage How-Tos for Cisco IOS XE SD-WAN Devices |
|
You can use the configuration group workflow in Cisco vManage to create configuration groups and feature profiles. A configuration group is a logical grouping of devices that share a common purpose within your WAN. |
|
Traffic Redirection to SIG Using Data Policy: Fallback to Routing |
With this feature, you can configure internet-bound traffic to be routed through the Cisco SD-WAN overlay, as a fallback mechanism, when all SIG tunnels are down. |
You can add tags to devices using Cisco vManage. You can use the tags for grouping, describing, finding, or managing devices. |
|
Periodic Audit, Enhancement to Azure Scaling and Audit, and ExpressRoute Connection. |
You can now enable periodic audit and auto correct options from Cisco vManage. |
Cisco SD-WAN Cloud Interconnect with Equinix: Google Cloud and Microsoft Azure |
You can create software-defined interconnects to Google Cloud VPCs, or Microsoft Azure VNets or Virtual WANs to link your branch location to the cloud resources through the Equinix fabric. You can also create, update and delete device links from Interconnect Gateway in the Equinix fabric. |
You can deploy Cisco ThousandEyes Enterprise agent natively as a container application on Cisco Catalyst 8500 Series Edge Platforms and Cisco ASR 1000 Series Aggregation Services Routers. You can install and activate the Cisco ThousandEyes Enterprise agent through Cisco vManage. |
|
View Details of Microsoft Telemetry and View Application Server Information for Office 365 Traffic |
In Cisco vManage, you can view the cloud application server information that Cisco SD-WAN collects over time for Office 365 traffic. This information can be helpful when troubleshooting performance issues with Office 365 traffic. |
In Cisco vManage, you can define lists of one or more SaaS applications, together with the relevant application server. Cloud onRamp for SaaS handles these lists in the same way that it handles the predefined set of SaaS applications that it can monitor. When you enable a user-defined list, Cloud onRamp for SaaS probes for the best path to the application server and routes the application traffic for applications in the list to use the best path. |
|
Source-Only Load Sharing: When you configure two or more active tunnels to a Secure Internet Gateway (SIG), different traffic flows from the same source IP address, with different destination public IP addresses, may be mapped to use different tunnels. With this feature, you can configure all traffic flows from a particular source IP address, irrespective of the destination IP address, to be routed to the SIG through only one of the active tunnels. You can configure source-only load sharing using the ip cef load-sharing algorithm src-only command in a CLI Add-On template. |
|
You can create and attach trackers to manually created GRE or IPSec tunnels to a SIG endpoint. Trackers help failover traffic when a SIG tunnel is down. You can configure the trackers using the SIG feature template. |
|
Secondary regions provide another facet to the Hierarchical SD-WAN architecture and enable direct tunnel connections between edge routers in different primary access regions. When you assign an edge router a secondary region, the router effectively operates in two regions simultaneously, and has different paths available through its primary and secondary regions. |
|
An edge router or border router that has connections to two networks that lack direct connectivity can function as a transport gateway. This is helpful for enabling connectivity between routers that are configured to be within the same access region, but which do not have direct connectivity. |
|
Often a router has multiple options to choose for the next hop when routing a flow to its destination. When multiple devices can serve as the next hop for a flow, you can specify the order of preference among the devices by configuring router affinity groups. The result is that a router attempts to use a route to the next-hop device of highest preference first, and if that device is not available, it attempts to use a route to the next-hop device of the next lower preference. Affinity groups enable this functionality without requiring complex control policies. |
|
Match Traffic by Destination: Access Region, Core Region, or Service VPN |
You can apply a policy to traffic whose destination is any one of the following—access region, core region, service VPN. Use this match condition for data policy or application route policy on a border router. |
When configuring a control policy for a Hierarchical SD-WAN architecture, you can match routes according to whether the route uses a hierarchical path, a direct path, or a transport gateway path. |
|
In a control policy, you can match routes according to the region of the device originating the route, or the role (edge router or border router) of the device originating the route. |
|
You can use this feature to route IPv4 traffic to the internet over an IPv6 tunnel. You can configure NAT DIA IPv4 over an IPv6 tunnel using a device CLI or a CLI add-on template. |
|
You can configure redirect DNS using Cisco vManage. |
|
With this feature, you can configure SVL ports on 100G Ethernet interfaces of Cisco Catalyst 9500-48Y4C switches, thus ensuring a high level of performance and throughput. |
|
You can use this feature to track LAN prefixes and LAN interfaces for service-side inside static NAT. You can configure the service-side NAT object tracker using Cisco vManage, a device CLI template, or a CLI add-on template. |
|
You can use this feature to configure a single static NAT pool for an entire subnet. You can configure service-side static network NAT using Cisco vManage or a device CLI template. |
|
Single Sign-On (SSO) with Security Assertion Markup Language (SAML) gives faster, easier, and trusted access to cloud applications without storing passwords or requiring you to log in to each application individually. |
|
For postpaid Managed Services License Agreement (MSLA) program licenses, Cisco SD-WAN supports two distinct billing models for licenses—committed (MSLA-C) and uncommitted (MSLA-U). The procedure for assigning a postpaid license enables you to choose one of these two MSLA license types. |
|
You can now upgrade software images on edge devices using the Workflows menu in Cisco vManage. |
|
You can now view the topology diagram of a site in Cisco vManage. |
|
You can configure packet tracing on edge devices. |
Feature | Description |
---|---|
Cisco vManage How-Tos for Cisco IOS XE SD-WAN Devices |
|
Azure Scaling, Audit, and Security of Network Virtual Appliances |
You can now configure the SKU scale value, security of your Network Virtual Appliances (NVAs), and initiate the audit services using the Cloud OnRamp for Multicloud workflow in Cisco vManage. |
You can revoke enterprise certificates from devices based on a certificate revocation list that Cisco vManage obtains from a root certificate authority. |
|
Cisco ThousandEyes Support for Cisco 1000 Series Integrated Services Routers |
You can deploy Cisco ThousandEyes Enterprise agent natively as a container application on Cisco ISR 1100X-6G devices. |
You can configure Default AAR and QoS policies. |
|
This feature adds Webex to the list of cloud applications for which Cloud onRamp for SaaS can determine the best network path to the cloud server. Cisco vManage periodically downloads a list of Webex servers organized by geographic region. Cloud onRamp for SaaS uses this server list to help calculate the best network path for Webex traffic in different regions. You can update the Webex server information that Cloud onRamp for SaaS uses for the Webex application. |
|
You can configure Cisco Unified Border Element functionality by using Cisco IOS XE SD-WAN device CLI templates or CLI add-on feature templates. |
|
This feature allows you to configure DHCP for IPv6 (DHCPv6) on Cisco IOS XE SD-WAN devices to assign IPv6 addresses to hosts on an IPv6-enabled network. A Cisco IOS XE SD-WAN device can be configured for DHCPv6 as a DHCP server, DHCP client, or as a DHCP relay agent. |
|
You can change the disaster recovery user password for disaster recovery components from the Cisco vManage Disaster Recovery window. |
|
Added Support for Configuring Geofencing Using a Cisco System Feature Template |
You can configure the geographical boundary of a device using a Cisco System feature template. |
This feature allows you to set up GRE over IPsec tunnels on Cisco IOS XE devices in the controller mode to connect to Cisco IOS XE devices in the autonomous mode. |
|
You can use Cisco vManage to enable and configure Hierarchical SD-WAN, which provides the ability to divide the architecture of the Cisco SD-WAN overlay network into multiple regional networks that operate distinctly from one another. |
|
This feature enables you to configure an interface-based firewall policy to control traffic between two interfaces or an interface-VPN-based firewall policy to control traffic between an interface and a VPN group. This feature also provides support for a default zone, where a firewall policy can be configured with a zone pair that consists of a zone and a default zone. |
|
You configure intra-VPN service-side NAT using a device CLI template or a CLI add-on template. Configure the ip nat outside command on the LAN interface for which you require translation of the source IP addresses to the outside local addresses. |
|
You can configure NAT66 DIA using Cisco vManage, the CLI, or a device CLI template. NAT66 DIA allows you to direct local IPv6 internet traffic to exit directly to the internet from the service-side VPN (VPN 1) through the transport VPN (VPN 0). |
|
Support for SNMPv3 AES-128 and AES-256 bit Encryption Protocol |
You can now configure SNMPv3 users with SHA-1 protocol and AES-128 and AES-256 encryption on Cisco IOS XE SD-WAN devices. |
Configure this feature using the CLI template and the CLI add-on template. |
|
This feature supports Unified Logging, which is used to capture information about connection events across different security features at different stages during policy enablement and execution. |
|
Resource Limitations and Device-global Configuration Options |
This feature enables you to define resource limitation options such as idle timeout and session limits, and device-global options in the policy summary page to fine-tune a firewall policy behaviour after a firewall policy is implemented in Cisco SD-WAN. |
Dual Endpoint Support for Interface Status Tracking on Cisco IOS XE SD-WAN Devices |
You can configure tracker groups with dual endpoints using the Cisco vManage system template and associate each tracker group to an interface. |
TCP/UDP Endpoint Tracker and Dual Endpoint Static Route Tracker for Cisco IOS XE SD-WAN devices |
You can now configure a static route tracker with a TCP/UDP endpoint using the Cisco system template, and configure a static route using the Cisco VPN template. You can then add the configured dual trackers in a tracker group using the New Endpoint Tracker Groups option. |
Co-Management: Granular Role-Based Access Control for Feature Templates |
This feature introduces greater granularity in assigning role-based access control (RBAC) permissions for template use. This enables you to give a tenant self-management of network configuration tasks. Network administrators and managed service providers can use this feature to assign permissions to their end customers. |
This feature enables VRRP to set the edge as active or standby based on the WAN Interface or SIG tracker events and increase the TLOC preference value on a new VRRP active to ensure traffic symmetry, for Cisco IOS XE SD-WAN Devices. |
|
You can access additional diagnostics information collected from the application server, the configuration database, the statistics database, and other internal services. |
|
You can upload an admin-tech file to a TAC case from Cisco vManage. |
|
You can now upload a virtual machine image to Cisco vManage in qcow2 format. Earlier, you could upload only a prepackaged image file in tar.gz format. |
|
This feature enables you to register a remote server with Cisco vManage, and add locations of software images on the remote server to the Cisco vManage software repository. When you upgrade device or controller software, the device or controller can download the new software image from the remote server. |
|
Bidirectional Packet Capture for Cisco IOS XE SD-WAN Devices |
You can now set the Bidirectional toggle button to on to enable bidirectional packet capture. |
You can now capture packets at either the physical network interface card (PNIC) level or the virtual network interface card (VNIC) level on a Cloud Services Platform (CSP) device of a colocation cluster. To do this, you need to choose a PNIC or VNIC on the Cisco vManage interface and set the required traffic filters. |
Feature | Description |
---|---|
Cisco vManage How-Tos for Cisco IOS XE SD-WAN Devices |
|
You can add Cisco vManage servers to a cluster by identifying servers based on personas. A persona defines what services run on a server. |
|
While adding a new tenant to the multitenant Cisco SD-WAN deployment, a service provider can forecast the number of WAN edge devices that the tenant may deploy in their overlay network. Cisco vManage enforces this forecast limit. If the tenant tries to add devices beyond this limit, Cisco vManage responds with an appropriate error message and the device addition fails. |
|
Cisco SD-WAN Support for Carrier Supporting Carrier Connectivity |
Carrier supporting carrier (CSC) functionality enables you to interconnect different sites over a multiprotocol label switching (MPLS) backbone network. To use CSC, each site requires an edge router, called a customer edge (CE) device, that supports CSC functionality. You can configure a Cisco IOS XE SD-WAN device to function as a CE device. |
You can deploy a Cisco Cloud Services Router 1000V (Cisco CSR 1000V) instance as the Interconnect Gateway in the Equinix fabric and connect an SD-WAN branch location to the Interconnect Gateway. From the Interconnect Gateway, you can create software-defined interconnects to an AWS cloud onramp or another interconnect gateway in the Equinix fabric. |
|
Cisco SD-WAN Cloud Interconnect with Megaport: Interconnects to Google Cloud and Microsoft Azure |
You can deploy a Cisco Catalyst 8000v Edge Software (Cisco Catalyst 8000V) instance as the interconnect gateway in the Megaport fabric and connect an SD-WAN branch location to the interconnect gateway. From the interconnect gateway, you can create software-defined interconnects to Google Cloud VPCs, or Microsoft Azure VNets or Virtual WANs to link your branch location to the cloud resources through the Megaport fabric. |
Extended Visibility with Cisco SD-WAN and Cisco ThousandEyes |
You can deploy the Cisco ThousandEyes Enterprise agent on supported Cisco IOS XE SD-WAN devices through Cisco vManage. |
Using the Cisco vManage Cloud onRamp for Multicloud workflow, you can enable Google Service Directory Lookup, use the Audit option to check whether the state of your objects in Google Cloud is in sync with the Cisco vManage state, and view your Google Cloud resource inventory. |
|
This feature lets you connect to Cloud onRamp for SaaS by means of a SIG tunnel. |
|
Apply DRE profiles using the AppQoE feature template in Cisco vManage. |
|
UCS-E Series Server Support for Deploying Cisco Catalyst 8000V |
This feature lets you deploy Cisco Catalyst 8000V instances, on supported routers, using the UCS-E series blade server modules. With this feature, the supported routers can be configured as integrated service nodes, external service nodes, or hybrid clusters with both internal and external service nodes. |
This feature lets you configure EtherChannels on Cisco IOS XE SD-WAN devices on the service-side VPN. |
|
When a Cisco IOS XE SD-WAN device receives traffic belonging to different VPNs from the branch network, you can configure a QoS policy to limit the bandwidth that can be used by the traffic belonging to each VPN or each group of VPNs. |
|
This feature lets you enable implicit ACL on loopback TLOC interfaces so that ACL rules are applied to the traffic destined to it. |
|
You can configure cflowd traffic flow monitoring to collect ToS, sampler ID and remarked DSCP values in netflow records. |
|
This feature lets you configure a single unified security policy in which you specify both the firewall action and the UTD action in the same rule in the policy. |
|
Wireless Management on Cisco 1000 Series Integrated Services Routers |
This feature lets you configure wireless LAN settings on Cisco 1000 Series Integrated Services Routers using Cisco vManage. |
Redistribution of Replicated Routes to BGP, OSPF, and EIGRP Protocols |
You can configure route redistribution between the global VRF and service VPNs using the Global Route Leak option under the Cisco VPN feature template. |
Support for License Management Offline Mode and Compliance Alarms |
You can manage Cisco SD-WAN licenses through a Cisco vManage instance that is not connected to the internet. To synchronize license and compliance information between Cisco vManage and Cisco SSM, you must periodically download synchronization files from Cisco vManage and upload the files to Cisco SSM. |
Configure RBAC for policies in Cisco vManage. |
|
You can add Cisco vManage servers to a cluster by identifying servers based on personas. A persona defines what services run on a server. |
|
Generate System Status Information for a Cisco vManage Cluster Using Admin Tech |
You can collect system status information for a Cisco vManage cluster. Prior to this feature, Cisco SD-WAN was only able to generate an admin-tech file for a single device. |
Support for Reverse Proxy with Cisco IOS XE SD-WAN Devices and Cisco SD-WAN Multitenancy |
With this feature, you can deploy a reverse proxy device in your overlay network between Cisco IOS XE SD-WAN devices and Cisco vManage and Cisco vSmart Controllers. Also, this feature enables you to deploy a reverse proxy device in both single-tenant and multitenant overlays that include Cisco vEdge or Cisco IOS XE SD-WAN edge devices. |
You now have four new views on the Cisco vManage UI that enable you to monitor your multicloud network. |
|
This feature allows you to disable data collection for Cisco SD-WAN telemetry using Cisco vManage. Data collection for telemetry is enabled by default. |
|
If the location of the device goes beyond its geographical boundary, you can restrict network access to the device using Cisco vManage operational commands. For more information, see the Cisco SD-WAN Monitor and Maintain Configuration Guide. |
|
You can view a list of generated admin-tech files and determine which files to copy from your device to Cisco vManage. You can then download the selected admin-tech files to your local device, or delete the downloaded admin-tech files from Cisco vManage, the device, or both. |
|
You can configure network-wide path insight options, including additional filters and parameters for traces and DNS domain discovery, and view new displays for application flows, trace views, and app trends. |
|
You can view detailed information about the flow of traffic from a device and use this information to assist with troubleshooting. |
|
Additional Real Time Monitoring Support for Routing, License, Policy, and Other Configuration Options |
This feature adds support for real time monitoring of numerous device configuration details including routing, license, policy, Cloud Express, Cisco vBond Orchestrator, TCP optimization, tunnel connection, logging, and Cisco Umbrella information. Real time monitoring in Cisco SD-WAN Manager is similar to using show commands in the CLI of a device. There are many device configuration details for Cisco SD-WAN Manager. Only a subset of the device configuration details is added in Cisco IOS XE Catalyst SD-WAN Release 17.6.1a and Cisco vManage Release 20.6.1. |
Feature | Description |
---|---|
Cisco vManage How-Tos for Cisco IOS XE SD-WAN Devices |
|
This feature enhances match action conditions in a centralized data policy for parity with the features configured on Cisco IOS XE SD-WAN devices. When you are setting up next-hop-loose action, this feature helps to redirect application traffic to an available route when next-hop address is not available. |
|
You can easily create copies of service groups, download, and upload service group configuration properties using Cisco vManage. |
|
This feature provides an express method for configuring an intent-based performance monitor with the help of predefined monitoring profiles. Configure this feature using the CLI Add-on feature template in Cisco vManage. |
|
You can configure authorization, which authorizes commands that a user enters on a device before the commands can be executed, and accounting, which generates a record of commands that a user executes on a device. |
|
You can enable a device to automatically determine the bandwidth for WAN interfaces in VPN0 during day 0 onboarding by performing a speed test using an iPerf3 server. |
|
Support for Pay As You Go License for Cisco Catalyst 8000V Edge Software Instances |
You can use Cisco Catalyst 8000V Edge Software instances with pay as you go (PAYG) licenses when creating a new cloud gateway in Amazon Web Services (AWS), in addition to the previously supported bring your own license (BYOL) model. |
You can use the AWS Transit Gateway Connect feature to connect a cloud gateway to an AWS Transit Gateway when creating a new cloud gateway in AWS. |
|
You can configure site attachment to connect branch devices to the cloud from the Cloud Gateways screen. For each of the cloud gateways, you can view, delete, or attach more sites. |
|
You can configure the Backup information to enter storage server settings and backup intervals. |
|
You can configure Cisco SD-WAN cloud gateways with Google Cloud using the Cloud onRamp for Multi-Cloud workflow in Cisco vManage. |
|
This feature adds the ability to balance traffic for cloud applications across multiple DIA interfaces. |
|
To specify the service area that your Microsoft 365 application belongs to, choose an option from the Service Area drop-down list. |
|
This feature automates the provisioning of tunnels from Cisco SD-WAN routers to Zscaler. Using your Zscaler partner API credentials, you can automatically provision tunnels to Zscaler Internet Access (ZIA) Public Service Edges. You can choose Zscaler in the Cisco Security Internet Gateway (SIG) and SIG credentials feature templates to automate tunnel provisioning. You can configure provisioning of tunnels from Cisco SD-WAN routers. |
|
You can configure DRE using the AppQoE feature template in Cisco vManage. Ensure that you select devices supported for DRE. |
|
Geolocation-Based Firewall Rules for Allowing or Denying Network Traffic Based on Geolocation |
You can configure firewall rules for allowing or denying network traffic based on the source and destination location instead of IP addresses. |
You can create groups of communities to use in a match clause of a route map in Cisco vManage. |
|
You can configure automatic selection of an RP candidate using a PIM BSR in an IPv4 multicast overlay. |
|
HTTP/HTTPS Proxy Server for Cisco vManage Communication with External Servers |
Cisco vManage uses HTTP/HTTPS to access some web services and for some REST API calls. With this feature, you can channel the HTTP/HTTPS communication through an HTTP/HTTPS proxy server. |
You can configure Best Tunnel Path to pick the best path while configuring SLA class. |
|
To enable logging of dropped packets, check the Implicit ACL Logging check box. To configure how often the packet flows are logged, enter the value in the Log Frequency field. |
|
You can configure Unified Threat Defense Resource Profiles using Cisco vManage. |
|
You can now configure SGT propagation using SXP and SGT enforcement on Cisco IOS XE SD-WAN devices through Cisco vManage. |
|
You can configure SNMP with encrypted strings using CLI templates. |
|
You can deploy a Cisco Catalyst 8000V Edge Software (Cisco Catalyst 8000V) instance as the interconnect gateway in the Megaport fabric and connect an SD-WAN branch location to the interconnect gateway. From the interconnect gateway, you can create software-defined interconnects to an AWS cloud onramp or another interconnect gateway in the Megaport fabric. |
|
This feature lets you configure TCP MSS on Cisco IOS XE SD-WAN devices on both directions of the Cisco SD-WAN tunnel interface. |
|
This feature provides you the option in Cisco vManage to clear the Don't Fragment bit in the IPv4 packet header for packets being sent out on a Cisco SD-WAN tunnel. |
|
To save device template configuration changes in Cisco vManage, enable the draft mode. To save device template configuration changes on the devices attached to the template, disable the draft mode. |
|
License Management for Smart Licensing Using Policy, Using Cisco vManage |
Cisco vManage shows available DNA licenses, assigns licenses to devices, and reports license consumption to Cisco Smart Software Manager (Cisco SSM). |
You can configure role-based access control (RBAC) based on sites or resource groups in Cisco vManage. |
|
This feature lets you review the last edited configuration in Cisco vManage when a configuration push to the device fails. |
|
This feature adds support for upgrading the firmware of Cisco IOS XE SD-WAN Devices that have LTE connectivity. |
|
You can view traffic, CPU, memory usage, health and reachability of UTD. |
|
View Loss Percentage, Latency, Jitter, and Octet Information for Tunnels |
You can view the loss percentage, latency, jitter, and octet information for tunnels in a single chart option in Cisco vManage. |
This feature optimizes the alarms on Cisco vManage by automatically suppressing redundant alarms. This allows you to easily identify the component that is causing issues. You can view these alarms in . |
Feature | Description |
---|---|
Cisco vManage How-Tos for Cisco IOS XE SD-WAN Devices |
|
You can create a data policy where you can selectively define an application list along with other existing match criteria in the data-policy to redirect the application traffic to a Secure Internet Gateway (SIG). |
|
For a multitenant Cisco SD-WAN deployment, you can configure Cisco vManage to operate in multitenant mode. Through the multitenant Cisco vManage, you can add new Cisco vSmart Controllers, manage tenants, and view tenants being served by a Cisco vSmart Controller and the OMP statistics for a tenant. |
|
This release supports per-class application-aware routing in Cisco SD-WAN. You can configure Application Probe Class using Cisco vManage. |
|
You can now configure supported devices as external AppQoE service nodes through Cisco vManage. |
|
You can now configure Azure virtual WAN hubs using the Cloud OnRamp for Multi-Cloud workflow in Cisco vManage. |
|
You can configure a supported cellular gateway as an IP pass-through device from the Templates tab. |
|
Azure Government Cloud Support for Cisco IOS XE SD-WAN Devices |
You can now configure the geographical regions based on the Environment settings of Cloud onRamp for IaaS. |
Application Feedback Metrics for Office 365 Best Path Selection on Cisco IOS XE SD-WAN Devices |
This feature adds new metrics as inputs to the best-path selection algorithm for Office 365 traffic. The new inputs include best-path metrics from Microsoft Cloud Services. You can enable collection of the metrics, and you can view a log of all of the metrics that factor into the best-path determination for Microsoft Office 365 traffic. |
You can now use the SIG template to steer application traffic to Cisco Umbrella or a third-party SIG provider. You can also configure weights for multiple GRE/IPsec tunnels to distribute traffic among the tunnels based on the configured weights. |
|
This release extends Enhanced Policy Based Routing (ePBR) to Cisco SD-WAN. You can create ePBR policies using CLI add-on templates in Cisco vManage. |
|
Ethernet Connectivity Fault Management Support on Cisco IOS XE SD-WAN Devices |
You can now configure Ethernet Connectivity Fault Management functionality on Cisco IOS XE SD-WAN devices using the Add-On feature template in Cisco vManage. |
You can now configure sets of rules called rule sets that have the same intent. You can also re-use rule sets between security policies. |
|
You can configure port-scanning detection and apply a severity level (low, medium, or high) using a CLI template. |
|
You can configure cflowd traffic flow monitoring on Cisco IOS XE SD-WAN devices. |
|
You can now define a new match condition that can be used to specify a list of ICMP messages for centralized data policies, localized data policies, and Application-Aware Routing policies. |
|
You can now configure Azure virtual WAN hubs using the Cloud OnRamp for Multi-Cloud workflow in Cisco vManage. |
Feature | Description |
---|---|
Cisco vManage How-Tos for Cisco IOS XE SD-WAN Devices |
|
You can now configure adaptive QoS from the Adaptive QoS tab using the Cisco VPN template for one of the supported interfaces. |
|
You can now use the CLI Add-on feature templates in Cisco vManage to configure BFD for supported routing protocols. |
|
AWS Government Cloud Support for Cisco IOS XE SD-WAN Devices |
You can now configure the geographical regions based on Environment settings of Cloud onRamp for IaaS. |
Using Cloud onRamp for SaaS, you can select specific SaaS applications and interfaces, and let Cisco SD-WAN determine the best performing path for each SaaS application. For Cisco IOS XE SD-WAN devices, you can also limit the use of best path selection to some or all Office 365 traffic, according to the Office 365 traffic categories defined by Microsoft. |
|
You can define custom applications to identify specific network traffic. You can use custom applications in the same way as any other protocol when configuring Cisco SD-WAN policies, or Application Quality of Experience (AppQoE) policies, such as application-aware routing, TCP acceleration, and Quality of Service (QoS). |
|
You can configure on-demand tunnels between any two Cisco SD-WAN spoke devices. These tunnels are triggered to be set up only when there is traffic between the two devices. |
|
You can configure the Stackwise Virtual Switch Link (SVL) and uplink ports of switches, and Cisco CSP data ports using the Port Connectivity configuration settings of Cloud OnRamp for Colocation cluster. |
|
This feature allows you to configure up to six SLA classes per policy on Cisco IOS XE SD-WAN devices. This allows additional options to be configured in an application-aware routing policy. |
|
You can configure items for UC voice services from the Feature tab and the Voice Policy page for a supported device. |
|
You can configure a router as an NTP primary router from the NTP template tab. |
|
You can configure route leaking between global VRF and service VPNs using the Global Route Leak option under the Cisco VPN feature template. |
|
You can configure service chaining for a device, from the Service tab. |
|
This feature lets you see all the HTTP sessions that are open within Cisco vManage. It gives you details about the username, source IP address, domain of the user, and other information. A user with User Management Write access, or a netadmin user can trigger a log out of any suspicious user's session. |
|
You can configure the Cisco TrustSec Security Group Tag (SGT) propagation feature, Inline Tagging, from the TrustSec tab using the Cisco VPN template for one of the supported interfaces. |
|
You can configure the TACACS authentication for users using the TACACS configuration settings of Cloud OnRamp for Colocation cluster. |
|
To configure Static Route Tracking on Cisco vManage, configure an endpoint tracker using the Cisco System template, and configure a static route using the Cisco VPN template. |
|
You can configure DIA Tracker using the Tracker tab of the Cisco System template. You can apply the tracker to a transport interface using either Cisco VPN Interface Ethernet or Cisco VPN Interface Cellular templates. |
|
You can now configure Posture Assessment capabilities to validate compliance of endpoints according to security policies of your enterprise, through the Add-On feature template in Cisco vManage. |
|
This feature provides an enhancement to onboard your device to Cisco vManage by directly uploading a .csv file. You can now directly onboard your device to Cisco vManage by uploading a .csv file containing details of your device. |
|
To configure service-side NAT using Cisco vManage, configure a centralized data policy using the , and configure a dynamic NAT Pool and Static NAT address using the Service VPN template. |
|
This feature allows you to use a subject SUDI serial number instead of a certificate serial number to add a device to a Cisco SD-WAN overlay network. |
|
You can now stop, start, or restart VNFs on Cisco CSP devices from the Colocation Clusters tab. |
|
This feature outlines the upgrade procedure for Cisco vManage servers in a cluster to Cisco vManage Release 20.3.1. To upgrade Cisco vManage instances in a Cluster, use the screen. |
|
This feature is an onboard packet capture facility that allows network administrators to capture packets flowing to, through, and from the device. The administrator can analyze these packets locally or save and export them for offline analysis through Cisco vManage. This feature gathers information about the packet format and therefore helps in application analysis, security, and troubleshooting. |