What’s New
This page provides brief descriptions of new features in the recent Orchestrator release and links to additional information.
Orchestrator 9.5.2
The following features and updates are included in the user guide for Orchestrator 9.5.2.
NOTE: Some of these features were included in the Orchestrator 9.5.0 or 9.5.1 release but are documented for the first time in Orchestrator 9.5.2.
Adaptive DDoS
Users can now configure automatic baseline learning for Firewall Protection Profiles. The Adaptive DDoS feature also includes baseline reporting and two new DoS Threshold settings: Auto Rate Limit and Smart Burst. See Firewall Protection Profiles, Flow Baselines, and Flow Baseline Trends.
AppExpress Enhancements
Several improvements were made to AppExpress functionality, including the addition of reports to better illustrate Quality of Experience for AppExpress applications. Additionally, users will find that popular applications already have their AppExpress settings prepopulated. Finally, AppExpress is now reflected in the Flows tab and Business Intent Overlays tab. See AppExpress Summary Tab and Flows - Active and Recent.
Availability KPI Improvements
The Availability KPI feature now provides reporting on a per-underlay basis, which helps determine whether your SSEs and ISPs are meeting their contracted Service Level Agreements (SLAs). See Availability, Availability Time Settings, and Schedule and Run Reports.
Cluster Manager
Users can now synchronize user identity information between EdgeConnect appliances. Identity information is derived from NAC, GPID, and RADIUS snooping. Identity information is used to set QoS, firewall policies, and SD-WAN steering decisions based on Role, Username, or Device Type. The Cluster Manager also provides visibility and orchestration for the Flow Redirection feature. See Clusters and Cluster Profiles.
DDoS Statistics for Firewall Protection Profile
This feature provides statistics and reporting for the Firewall Protection Profiles (FPPs). Users can identify violating sources and other aspects of the EdgeConnect firewall’s behavior. See Protection Profile Top Talkers, Protection Profile Trends, and Statistics Retention.
IPS Enhancements
Several enhancements were made to the EdgeConnect Intrusion Prevention System (IPS), including the ability to preserve default rule actions of signatures in Signature Profiles and control automatic signature updates from Cloud Portal. See Intrusion Detection/Prevention System and Signature Profiles.
IPv6 SLAAC
This feature implements Stateless Address Auto Configuration (SLAAC) IPv6 addressing of ECOS Gateway WAN interfaces, along with stateless DHCPv6. Additionally, users can now assign an alias IP to VLANs. See Deployment Tab.
LAN-Side EC-V Connectivity to AWS Transit Gateway and Cloud WAN
Orchestrator now provides automation for AWS Cloud WAN. This allows two or more EC-Vs in Traditional HA mode in a Virtual Private Cloud (VPC) to automatically establish BGP sessions with an AWS Transit Gateway (TGW) or a Core Network Edge (CNE). This feature is designed to extend the SD-WAN fabric to reach workloads and services deployed in AWS, enabling users to quickly establish LAN-side connectivity with their choice of AWS-native service and redirect traffic to the EdgeConnect instances. See AWS Network Manager.
Stateful-SNAT Exceptions
This feature disables Stateful-SNAT source NATing for specific IP addresses or subnets found on the LAN-side of the EdgeConnect. This can be useful when the upstream service provider or web application allow-lists a specific public IP address or subnet other than the EdgeConnect’s assigned WAN-side IP address. See System Template and System Information.
VXLAN UI Enhancements
Several enhancements have been made to the Orchestrator UI to make VXLAN configuration and reporting easier, including new fields on the Routes tab to support static VXLAN for local routes and a new Details column on the VXLAN tab to provide information on the VXLAN’s state. See Routes Tab and VXLAN Tab.
Other Updates
The “Boost” feature has been renamed to “WAN Optimization” wherever it is used in the Orchestrator application. For instance, the Boost tab is now the WAN Optimization tab. The functionality remains the same.
Other Topic Enhancements
The following topic has also been enhanced for 9.5.2: