Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


New and Changed Features in Contrail Service Orchestration Release 5.0.2


This section describes the new features or enhancements to existing features in Contrail Service Orchestration (CSO) Release 5.0.2.

  • Enhancements to CSO license management—From CSO Release 5.0.2 onward, OpCo administrators can assign CSO licenses to their tenants, update or unassign license assignments, and view the tenants assigned to a CSO license.

  • Support for installing predefined IPS signatures—From Release 5.0.2 onward, tenant administrators can install the active signature database, which also contains predefined IPS signatures, on one or more devices (SRX Series and vSRX).

  • Support for IPS profiles—From CSO Release 5.0.2 onward, you can use predefined or customized IPS profiles and add IPS rules and exempt rules to customized profiles. You can then reference the IPS profiles in a firewall policy intent and deploy the IPS and exempt rules on the device (by deploying the firewall policy).

  • LTE support for SRX Series devices—From CSO Release 5.0.2 onward, you can configure LTE as an access type for WAN links on SRX320, SRX340, and SRX345 CPE devices in an SD-WAN deployment. In CSO releases before Release 5.0.2, you can configure LTE as an access type only for NFX150 and NFX250 CPE devices.

    You can also configure access point name (APN) settings for LTE WAN links for SRX320, SRX340, and SRX345 CPE devices on the Device-Name page in Customer Portal.

  • Chassis view support for EX Series devices—From Release 5.0.2 onward, for an EX Series switch, CSO displays the chassis view of ports, port statistics, and information about switch health on the Device-Name page.

  • Support for custom application signatures—From CSO Release 5.0.2 onward, you can create custom application signatures and use them in SD-WAN policies. CSO supports the following custom application signatures:

    • ICMP-based mapping

    • IP address-based mapping

    • IP protocol-based mapping

    • Layer 7-based signatures

  • Support for cloud spoke sites on AWS VPC—From CSO Release 5.0.2 onward, a tenant administrator or an OpCo administrator can add and configure a cloud spoke site for an SD-WAN endpoint in an Amazon Web Services (AWS) virtual private cloud (VPC). To add a cloud spoke site, log in to Customer Portal and select Resources > Site Management > Add > Add Cloud Spoke.

  • Predefined configuration templates for LAN and Next-Generation Firewall CPE devices—From CSO Release 5.0.2 onward, the following predefined configuration templates are added for LAN and Next-Generation Firewall CPE devices:

    • Pre ID Default Policy—Use this template to configure default policy settings for the Unified L4/L7 policy, before the final dynamic application is identified.

    • Static Routes—Use this template to configure static routes (for IPv4 and IPv6 networks) and advanced route settings.

    • Service—Use this template to configure system services for SSH and NETCONF.

    • Syslog—Use this template to configure Complete System Syslog Host, File, User, and Console settings.

    • DNS—Use this template to configure Domain Name Servers (DNS) on the device.

    • NTP—Use this template to configure Network Time Protocol (NTP) servers on the device.

    • Banner—Use this to configure a message that is displayed before logging in to the device.