Running enterprise networks today is like trying to rebuild a plane while flying it. You’re expected to innovate in real time—without slowing down the business, disrupting users, or compromising security. For many IT and network teams, this creates a daily balancing act between speed and scale, innovation and risk, and visibility and control. The need for a smarter, simpler, and more secure approach to WAN management has never been greater.
That’s exactly what we’re delivering with the newest release of Cisco SD-WAN.
This update isn’t just about new features, it’s about empowering IT teams to manage complexity with ease, extend secure connectivity anywhere business happens, and drive innovation without compromise. With major advances that greatly simplify operations, enable seamless cloud integration, and provide enhanced security capabilities, the latest Cisco SD-WAN release—spanning Cisco Catalyst SD-WAN 20.18 and Meraki MX OS 19.2—is designed to help your network and your business stay one step ahead in a rapidly evolving world.
Here’s a look at what’s new, and what it means for your network strategy.
Simplified operations: making the complex simple
The demands on IT teams are growing, and anything that meaningfully reduces complexity and accelerates deployment times is a game-changer. This release introduces several enhancements that make it easier and faster to configure, monitor, and optimize your SD-WAN environment.
Managing modern networks shouldn’t feel like searching for a needle in a haystack. The new global search capability enables instant access to any object the Cisco Catalyst SD-WAN Manager knows, including devices, templates, policies, events, logs, and more.
The SD-WAN Manager Day-0 Settings Guided Task Flow helps get new deployments up and running with ease. It simplifies setup with step-by-step guidance—saving time, reducing complexity, and ensuring best practices from day one.
Upgrading your control components shouldn’t feel complicated. The new workflow adds visibility, automates checks, and supports scheduling, making upgrades faster, easier, and more reliable.
Beyond management, this release delivers key insights for proactive operations and optimization. The new app quality of experience (QoE) dashboard highlights metrics like transmission control protocol (TCP) optimization and data redundancy elimination (DRE) with per-site and per-app views, making it easy to identify performance gaps, apply policies, and improve efficiency.
The new security and end-of-use (EoX) advisory dashboard delivers centralized visibility into advisories, field notices, and EoX statuses for IOS-XE and control components, enabling proactive upgrade planning and reduced vulnerability exposure. Enhanced license management streamlines tracking, compliance, and high-availability checks, with SD-WAN Manager integration supporting easy license assignment and alerts for mixed-license deployments. Enhancements to network-wide path insights (NWPI) enable automatic security alert tracing from Unified Threat Defense (UTD) alerts like Intrusion Prevention System (IPS) hits, with exportable trace data for faster troubleshooting and improved reliability.
Seamless cloud integration: extending your network everywhere
The cloud is no longer a destination—it’s an integral part of the enterprise network. Our latest updates ensure your SD-WAN seamlessly extends to and optimizes connectivity across multicloud environments.
Customers with existing AWS Transit Gateways (TGWs) can now use Cloud OnRamp automation to discover or connect to TGWs, automating deployment of Cisco Catalyst 8000V Edge Software into customer-managed TGWs. This streamlines SD-WAN extension to AWS and supports diverse cloud architectures and service insertion models without disrupting existing cloud resources.
Cloud OnRamp for user-defined cloud apps introduces a new UX 2.0 workflow that enables SD-WAN routers to proactively monitor and optimize performance for both standard and custom applications, automatically selecting the best path for consistent user experiences across every cloud workload.
Catalyst 8000V performance has been significantly improved in IOS XE 17.18 with throughput enhancements for on-premises deployments on VMware ESXi and KVM hypervisors. These benefit both SD-WAN and SD-Routing deployments, particularly on 4-, 8-, and 16-core instances. While public cloud throughput gains vary, these optimizations support high-performance, scalable, secure routing.
Catalyst 8000V now supports Oracle Cloud Infrastructure (OCI), delivering up to 10 Gbps encrypted throughput. Terraform automation simplifies deployment, enabling consistent, high-performance SD-WAN rollout in OCI. In Google Cloud Platform (GCP), Catalyst 8000V now supports N4 and N2 compute instances, enabling up to 10 Gbps encrypted throughput and broader global deployments.
Security: smarter, centralized protection
For large enterprises, managing security across diverse solutions can be challenging. The integration of Catalyst SD-WAN Manager and Cisco Security Cloud Control (SCC) allows SecOps teams to centrally manage their Cisco secure router branch next-generation firewall (NGFW) policies directly from the SCC dashboard. This provides unified policy management, security dashboards, and log monitoring capabilities powered by Cisco Security Analytics and Logging (SAL) and the SD-WAN analytics engine, significantly decreasing operational complexity and cost while improving security operations.
Out-of-the-box IPS signatures often lead to false positives or missed threats. Our new Intrusion Prevention System custom signature set empowers security teams to precisely tailor Cisco secure router NGFW IPS policies, allowing for granular customization to ensure optimal security and performance specific to their environment.
In large enterprises with hundreds of NGFW policies, managing updates without version control is risky. The new security policy rollback and version control feature lets customers create versioned policy copies, perform one-click rollbacks, visually compare versions, add comments, and track changes with audit logs—simplifying change management and speeding recovery from misconfigurations.
Security visibility at the branch is improved with historical traffic logging in SD-WAN Manager. This feature provides centralized log visualization, flexible filtering options, customizable time windows (up to the past month), detailed event views, and easy CSV export, enabling more effective audits and streamlined troubleshooting.
For Meraki SD-WAN customers, we’re enhancing resilience and operational efficiency with a native dashboard experience designed for IPsec active-active peering for Cisco Secure Access and security service edge (SSE) integrations. This comprehensive feature includes tunnel monitoring (including Layer 7 health checks), true active-active tunnels, and direct internet access (DIA) fail-open support. Combined with advanced cryptography on the Meraki OS, customers gain enhanced resilience; operational efficiency; and always-on, highly secure VPN connections for critical data.
The new Cisco SD-WAN: built for what’s now—and what’s next
This new release of Cisco SD-WAN isn’t just about keeping pace—it’s about equipping your IT and network teams with the tools they need to stay ahead of the pace of change. Whether you’re rolling out new branches, integrating multicloud services, or evolving your security strategy, these updates are purpose-built to help you deliver secure, high-performing connectivity—anywhere, anytime.
As the network becomes the platform for digital business, Cisco SD-WAN continues to evolve with it, bringing simplicity, intelligence, and security to organizations.
Ready to explore what’s possible with the newest Cisco SD-WAN innovations?
Additional resources:
Read Cisco SD-WAN e-book
Watch Cisco SD-WAN demo