Enhancements

Enhancements in Secure SD-WAN version 7.2.3

Enhancement	Description
New options to decrypt ESP and TLS traffic captures are added	New options are added to collect TLS keys and IPsec secrets with traffic capture to be able to decrypt captured traffic using Wireshark. These options can be utilized in troubleshooting. For more details: On how to decrypt TLS traffic captures collected from the SD-WAN Engine, refer to the Knowledge Base article 11554. On how to decrypt ESP packets captured from the Secure SD-WAN Engine, refer to the Knowledge Base article 11555.
Syslog forwarding can be added using the NGFW Manager	NGFW Manager configured Engine can be configured to forward syslog. Logs are sent over UDP in JSON format to a syslog server.
Explicit Proxy for HTTP and HTTPS connections	Users' web browser can be configured to use the SD-WAN Engine IP address as the HTTP(S) proxy server IP address. The feature supports proxy authentication. This feature is currently available for beta testing. For more information, see How to use the SD-WAN Engine Explicit HTTP Proxy.

Enhancements in Secure SD-WAN version 7.2.2

Enhancement	Description
Radius authentication for engine log in	It is now possible to configure engines so that local administrators are authenticated via RADIUS. Also, it is possible to control if the root admin can log in only from local console or via network using SSH. RADIUS authentications of engine supports access-challenge methods. Note: This enhancement is only supported on engine versions 7.2.2 or later.
Support for inspection of Zstandard compressed traffic is added	Inspection process is able to decompress zstd encoded HTTP payload.
Virtual Engine Binding Priority	The FlexEdge Secure SD-WAN engine is now enhanced so that Virtual Engine binding priority can be configured for Master Engines. The configuration can be done by using SMC. For more information, see the How to Configure Virtual Engine Binding Priority in Master Engines Knowledge Base Article.

Enhancement

Description

Radius authentication for engine log in

It is now possible to configure engines so that local administrators are authenticated via RADIUS. Also, it is possible to control if the root admin can log in only from local console or via network using SSH. RADIUS authentications of engine supports access-challenge methods.

Note: This enhancement is only supported on engine versions 7.2.2 or later.

Support for inspection of Zstandard compressed traffic is added

Inspection process is able to decompress zstd encoded HTTP payload.

Virtual Engine Binding Priority

The FlexEdge Secure SD-WAN engine is now enhanced so that Virtual Engine binding priority can be configured for Master Engines. The configuration can be done by using SMC.

For more information, see the How to Configure Virtual Engine Binding Priority in Master Engines Knowledge Base Article.

Enhancements in Secure SD-WAN version 7.2.1

Enhancement	Description
Support for IPv6 address in the PPPoE interface is added	SMC managed single engine can now have both dynamic IPv4 and IPv6 addresses in its PPPoE interface. For more information, see the Add point-to-point protocol clients to Single Engine interfaces topic in the Forcepoint FlexEdge Secure SD-WAN Product Guide.

Enhancement

Description

Support for IPv6 address in the PPPoE interface is added

SMC managed single engine can now have both dynamic IPv4 and IPv6 addresses in its PPPoE interface.

For more information, see the Add point-to-point protocol clients to Single Engine interfaces topic in the Forcepoint FlexEdge Secure SD-WAN Product Guide.

Enhancements in Secure SD-WAN version 7.2

Enhancement	Description
Legacy SNMP agent implementation removed	The legacy SNMP agent implementation has been removed on engine version 7.2 and later. Only the new enhanced version described in the Enhanced SNMP Agent default in NGFW Engine version 7.0 Knowledge Base Article is available.