Kaspersky SD-WAN
- Kaspersky SD-WAN Help
- About Kaspersky SD-WAN
- Architecture of the solution
- Deploying Kaspersky SD-WAN
- Redundancy of solution components
- About the installation archive
- About the attended, unattended, and partially attended action modes
- Preparing the administrator device
- Managing passwords
- Preparing the configuration file
- Replacing the graphics of the orchestrator web interface
- Replacement of a failed controller node
- Upgrading Kaspersky SD-WAN
- Removing Kaspersky SD-WAN
- Logging in and out of the orchestrator web interface
- Licensing of Kaspersky SD-WAN
- User interface of the solution
- Navigating to the orchestrator API
- Managing the Kaspersky SD-WAN infrastructure
- Managing domains
- Managing data centers
- Managing management subnets
- Managing controllers
- Managing a VIM
- Managing users and their access permissions
- Multitenancy
- Managing CPE devices
- About the interaction of the CPE device and the orchestrator
- About the interaction of the CPE device and the controller
- Default credentials of KESR CPE devices
- Scenario: Automatic registration (ZTP) of a CPE device
- Scenario: Deployment on the VMware virtualization platform and automatic registration (ZTP) of a vCPE device
- Scenario: Re-registering a CPE device
- Managing CPE templates
- Managing CPE devices
- Adding a CPE device
- Generating an URL with basic CPE device settings
- Manually registering a CPE device
- Unregistering a CPE device
- Specifying the address of a CPE device
- Enabling and disabling a CPE device
- Restarting a CPE device
- Shutting down a CPE device
- Connecting to the CPE device console
- Viewing the password of a CPE device
- Exporting orchestrator and controller connection settings and SD-WAN interfaces from a CPE device
- Exporting network interfaces from a CPE device
- Changing the DPID of a CPE device
- Deleting CPE devices
- Two-factor authentication of a CPE device
- Managing certificates
- Automatically deleting and disabling CPE devices
- Grouping CPE devices using tags
- Configuring logs on CPE devices
- Specifying NTP servers on CPE devices
- Managing modems
- Updating firmware
- Manually updating firmware on a CPE device
- Uploading firmware to the orchestrator web interface
- Scheduling firmware updates on selected CPE devices
- Scheduling firmware updates on CPE devices with specific tags
- Restoring firmware of a KESR-M1 CPE device
- Restoring firmware of a KESR-M2-5 CPE device
- Correspondence of CPE device models with firmware versions
- Deleting firmware
- Additional configuration of CPE devices using scripts
- Managing network interfaces
- Creating network interfaces
- Creating a network interface with automatic assignment of an IP address via DHCP
- Creating a network interface with a static IPv4 address
- Creating a network interface with a static IPv6 address
- Creating a network interface for connecting to an LTE network
- Creating a network interface for connecting to a PPPoE server
- Creating a network interface without an IP address
- Editing a network interface
- Disabling or enabling a network interface
- Canceling the application of network interface settings to a CPE device
- Deleting a network interface
- Creating network interfaces
- Configuring the connection of a CPE device to the orchestrator and controller
- Managing SD-WAN interfaces
- About sending information about SD-WAN interfaces of the WAN type to the controller
- Package fragmentation
- Traffic queues on SD-WAN interfaces
- Creating an SD-WAN interface of the WAN type
- Editing an SD-WAN interface
- Disabling or enabling an SD-WAN interface
- Deleting an SD-WAN interface of the WAN type
- Managing service interfaces
- Managing OpenFlow port groups
- Configuring a UNI for connecting CPE devices to network services
- Adding a static route
- Filtering routes and traffic packets
- Route exchange over BGP
- Route exchange over OSPF
- Using BFD to detect routing failures
- Ensuring high availability with VRRP
- Transmission of multicast traffic using PIM and IGMP protocols
- Managing virtual routing and forwarding (VRF) tables
- Monitoring traffic packet information using the NetFlow protocol
- Diagnosing a CPE device
- Running scheduled tasks on CPE devices
- IP address and subnet ranges for CPE devices
- Managing the firewall
- Managing network services and virtualization of network functions
- Managing network service templates
- Managing network services
- Scenario: Deploying a virtual network function
- Scenario: Deploying a physical network function
- Managing VNF and PNF packages
- Specifying a brief description of a shared network service
- Managing virtual network functions
- Selecting the flavour of a virtual network function
- Configuring external connection points of a virtual network function
- Basic settings of a virtual network function
- Hosting the virtual network function in a data center and on a uCPE device
- Stopping or starting a virtual network function or a VDU that is part of it
- Pausing or unpausing a virtual network function or a VDU that is part of it
- Suspending or unsuspending a virtual network function or a VDU that is part of it
- Soft rebooting a virtual network function or a VDU that is part of it
- Hard rebooting of a virtual network function or a VDU that is part of it
- Redeploying a virtual network function or a VDU that is part of it
- Auto-healing a virtual network function or a VDU that is part of it
- Managing VDU snapshots
- Managing physical network functions
- Configuring a P2P service
- Configuring a P2M service
- Configuring an M2M service
- Configuring a shared network (OS 2 SHARED)
- Configuring a virtual router (OS vRouter)
- Configuring a VLAN
- Configuring a VXLAN
- Configuring a flat network
- Configuring a UNI
- Monitoring solution components
- Specifying the Zabbix server
- Specifying the Zabbix proxy server
- Configuring CPE device monitoring
- Viewing monitoring results
- Viewing problems
- Viewing the status of the solution and its components
- Viewing logs
- Viewing and deleting service requests
- Sending CPE device notifications to users
- Selecting the Docker container log verbosity
- Monitoring CPE, VNF, and PNF devices using SNMP
- Link monitoring
- Building an SD-WAN network between CPE devices
- Quality of Service (QoS)
- Transmission of traffic between CPE devices and client devices using transport services
- Traffic packet duplication
- Scenario: Directing application traffic to a transport service
- Managing Point-to-Point (P2P) transport services
- Managing Point-to-Multipoint (P2M) transport services
- Managing Multipoint-to-Multipoint (M2M) transport services
- Managing L3 VPN transport services
- Managing IP multicast transport services
- Managing transport services in an SD-WAN instance template
- Managing transport services in a CPE template
- Traffic mirroring and forwarding between CPE devices
- Appendices
- Glossary
- Control plane
- Controller
- Customer Premise Equipment (CPE)
- Data plane
- Orchestrator
- Physical Network Function (PNF)
- PNF package
- Port security
- SD-WAN Gateway
- SD-WAN instance
- Software-Defined Networking (SDN)
- Software-Defined Wide Area Network (SD-WAN)
- Tenant
- Transport strategy
- Universal CPE (uCPE)
- Virtual Deployment Unit (VDU)
- Virtual Infrastructure Manager (VIM)
- Virtual Network Function Manager (VNFM)
- VNF Package
- Contacting Technical Support
- Information about third-party code
- Trademark notices
About Kaspersky SD-WAN > What's new
What's new
What's new
Kaspersky SD-WAN has the following new and improved functionality:
- Centralized firewall management is supported with firewall template and DPI support. Now you can disable or enable DPI when specifying basic firewall settings and specify DPI marks to apply firewall rules to application traffic packets.
- Now you can create DNAT and SNAT rules for firewall management if you want to use the Source Network Address Translation (SNAT), Destination Network Address Translation (DNAT), and Port Address Translation (PAT) mechanisms. You can centrally manage these mechanisms using firewall templates.
- You can use up to 100 virtual routing and forwarding tables (VRF) on CPE devices. You can put BGP routes into one of the virtual routing and forwarding tables.
- Now you can install certificate chains on CPE devices
- Now you can monitor traffic packet information using the NetFlow protocol versions 1, 5, and 9. You can centrally manage the protocol using NetFlow templates.
- Information about the following events is now sent to the Syslog server that you can specify:
- A user logging in or out of the orchestrator web interface.
- A user entering the password incorrectly when logging in to the orchestrator web interface.
- A user conducting a brute-force attack.
- An attempt to log in to the orchestrator web interface using a non-existent account.
- Two-factor authentication of users is now supported using the Time-based-one-time password (TOTP) algorithm.
- Support for upgrading Kaspersky SD-WAN from version 2.1.3 to 2.2.0. If you are using a version lower than 2.1.3, you must first upgrade the solution to version 2.1.3, and then to 2.2.0. You must first upgrade the central components of the solution, and then the CPE devices.
- The installation archive for quick deployment of Kaspersky SD-WAN is now available. The installation archive lets you modify elements of the orchestrator web interface, such as the displayed logo of your organization.
- Sending notifications about events and problems on CPE devices to user emails is now supported.
- Now you can diagnose CPE devices using the following utilities:
- Version 6.0.0 of the Zabbix monitoring system is supported.
- The OVF template for vCPE devices is supported. You can use an OVF template to deploy a vCPE device on the VMware virtualization platform and automatically register it.
- Optimized performance of the Controller and CPE devices.
- Optimized recovery of a failed Controller node.
- Now you can create IP address and subnet ranges for CPE devices (IPAM). You can use these ranges to centrally assign IPv4 addresses to network interfaces of CPE devices. You can also use IP address ranges to centrally assign IPv4 addresses to CPE router IDs.
- CPE device names are now displayed in Zabbix monitoring system.
- Now you can place CPE, VNF, and PNF device hosts into automatically created groups on the Zabbix server. Groups correspond to tenants to which VNFs, PNFs, and CPE devices belong.
- The RED OS 8 operating system is supported for central components of the solution.
- Users with the tenant role can now change the password.
- Assigned IPv4 addresses can now be displayed in the table of network interfaces of a CPE device.
- Now you can create network interfaces for connecting to a PPPoE server.
- CPE devices can now relay multicast traffic using the PIM and IGMP protocols.
Article ID: 248911, Last review: Oct 14, 2024