What’s New

This page provides brief descriptions of new features in the recent Orchestrator release and links to additional information.

Orchestrator 9.6.0

The following features and updates are included in the user guide for Orchestrator 9.6.0.

Secure Web Services

With the new Secure Web Services feature, EdgeConnect appliances integrate with cloud-based OpenText™ Threat Intelligence (BrightCloud), a cybersecurity solution that provides real-time classification and blocking of web-based threats and policy violations. EdgeConnect administrators can now filter traffic by using three new filter criteria: URL Reputation, URL Category, and IP Reputation. Additionally, the Secure Web Services Top Talkers tab provides historical statistics related to Secure Web Services for selected appliances. See Secure Web Services and Secure Web Services Top Talkers.

Expanded IPv6 Support

Expanded IPv6 support includes segmentation support for IPv6, local breakout support, IPv6 to IPv6 NAT, IPv6 zero touch provisioning, IPv6 loopback orchestration, and inbound port forwarding for IPv6 flows. See Loopback Orchestration, Inbound Port Forwarding, and Business Intent Overlays.

Per-Interface Fallback Role and Loopback Interface Role

When other identity pipelines, such as Radius snooping, NACD, and VXLAN/GPID, are not present, you can now specify an Interface Role (for example, a VLAN for unauthenticated IoT devices could have the Interface Role set to “IoT”). See Deployment.

Also, loopback interfaces now support a Role selection, which enables specifying the source role for a flow when other identity pipelines, such as Radius snooping, NACD, and VXLAN/GPID, are not present. See Role Based Access Control.

VRRP Convergence Improvement

VRRP now allows specification of a “tracked VRRP instance.” Tracking a VRRP instance causes special fabric handling that leads to improved flow failover and convergence. An indication of the VRRP state displays in the appliance tree and the Routes tab. In the VRRP Settings, enabling the Site/Cluster Tracking option optimizes traffic by enabling convergence to happen quickly. See VRRP.

Routing Segmentation Support for NAT

The NAT feature now supports routing segmentation. You can use NAT to translate overlapping local IPs within a branch into globally scoped and routable IPs within the fabric. You can also use routing segmentation in combination with NAT within your branch locations. See NAT.

Customized Orchestrator Log Levels

Previously, it was possible to set global log levels in Orchestrator. Now, you can also set custom loggers and log levels, providing more functionality and more granular control over logging. Customized loggers include profiles to capture details around orchestration tasks, system performance, template changes, authentication, and much more. See Change the Orchestrator Log Level.

Route Labels

Route labels can be applied to static or announce-only routes and linked to IP SLA rules, which monitor destinations to dynamically control route status and enhance network reliability by avoiding unreachable destinations. See Route Labels.

The Route Label Status tab provides an at-a-glance view of the status of all route labels. See Route Label Status.

Appliance IP Allow List

The Appliance IP Allow List restricts which IP addresses can establish SSH, SNMP and HTTPS connections to an appliance. This blocks access from unknown or potentially malicious IP addresses by ensuring that only specified IP addresses are permitted to initiate sessions. See Appliance IP Allow List.

Password Enforcement and Management

You can now select whether to enforce enhanced password security for all locally configured Orchestrator and appliance users and set criteria to ensure your enterprise security standards are met. See Password Settings Template and Orchestrator Users.

SYN Cookie is a protection feature of the EdgeConnect Firewall that mitigates Distributed Denial of Service (DDoS) attacks that exploit the TCP three-way handshake process. It uses dynamic IP reputation management to assign localized reputation scores to source IP addresses. Historical data for internal or LAN IP addresses is tracked. Smart SYN Cookie uses smart functionality to increase the efficiency of the SYN Cookie feature. See Firewall Protection Profiles and Internal IP Reputation.

Cipher Profiles

Cipher Profile settings allow you to restrict the use of certain ciphers for the Orchestrator and EdgeConnect OS (ECOS) services that use cryptography, including TLS, Tunnels, SSH, Certificates, SNMP, NTP, and Clusters. See Cipher Settings.

EC-V in Azure vWAN Hub and LAN-side Connectivity to Azure Resources

The Azure Network Manager feature introduces several new capabilities that simplify connectivity between EC-Vs in Azure and Azure Networking services. It enables seamless integration with services such as the Standard Internal Load Balancer, Azure Route Server, and Azure Virtual WAN Hub. This feature allows users to streamline the horizontal scaling of EC-Vs in Azure, thereby enhancing resilience and redundancy for Azure-based mission-critical workloads.

Stats Collector Update (On-Prem Orchestrator)

In previous releases, if you were collecting statistics for more than 100 appliances, you were required to create and configure remote stats collectors for every additional 150 appliances. Statistics are now collected on a single virtual instance and do not require configuration. In addition to simplified management and administration, this update also improves the performance and reliability of statistics collection. See Stats Collector Configuration.

If you are upgrading an on-prem Orchestrator deployment to 9.6.0 or later, your statistics data will not be migrated automatically to the new Stats Collector that runs on a single virtual instance. To migrate your existing statistics data, see Migrate Stats Collectors to 9.6.0 On-Prem Orchestrator.

NOTE: If you are upgrading an Orchestrator-as-a-Service (OaaS) deployment to 9.6.0 or later, your statistics data will be migrated automatically.

Other Updates

The following topics have also been updated for 9.6.0: