(My objective read based on sk180605 — no marketing, just operational impact)

Below is a direct summary of what has changed in Check Point Quantum SD-WAN, which issues were addressed, and which designs become more viable for architecture and operations — as documented in sk180605.
Where relevant, I explicitly call out the minimum version / Jumbo Hotfix Take.

Main recent changes and improvements

1) Expanded Overlay VPN support (Multi-Domain / Global VPN Community)

• It is now possible to create an Overlay VPN between gateways managed by different domains using a Global VPN Community in an MDS environment starting with R81.20 Jumbo Hotfix Take 79.

• Previously, this was only possible between gateways under the same Management Server.

Practical impact: enables SD-WAN in organizations with domain-based governance (MDS), reduces workarounds, and simplifies cross-domain expansion.

2) Official support for Policy-Based Routing (PBR)

• SD-WAN supports PBR configuration on the Security Gateway starting with R81.20 Jumbo Hotfix Take 79 (and continuing in R82.x).

• Previously, PBR was not officially supported.

Critical operational detail (priority / precedence):
To ensure that a PBR rule is evaluated with higher precedence than SD-WAN steering, the PBR rule priority must be lower than 100. This is important because SD-WAN breakout behavior is PBR-like and interacts with routing precedence; using a priority below 100 is the safe standard when you must ensure the PBR decision wins.

3) Gateway limit increase in Star VPN Community

• The limit increased from 250 → 400 gateways (and in newer builds up to 500 in Early Availability — R82.x EA).

Practical impact: makes SD-WAN more applicable to large hub-and-spoke environments, reducing the need to split communities purely due to limits.

4) Support for Dynamic Routing in Overlay VPN

• Dynamic routing over Overlay VPN is now officially supported starting with R81.20 Jumbo Hotfix Take 79 (and continuing in R82.x).

Practical impact: enables more enterprise-grade designs (scale/convergence/ops), reducing dependency on static routes in overlays.

5) Resolution of symmetric return path issues (inbound Internet)

• Issue resolved: for inbound Internet connections, SD-WAN can ensure symmetric return over the same ISP link starting with R81.20 Jumbo Hotfix Take 79 (and continuing in R82.x).

Practical impact: eliminates one of the most painful multi-ISP failure modes (sessions breaking due to return-path asymmetry), especially for published services and state/NAT-sensitive applications.

6) DAIP (Dynamic Address IP): improvements, but constraints remain

• Some limitations have been removed, but restrictions still remain (R81.20 and R82.x) — for example: only one DAIP interface per Gaia gateway.

Practical impact: unlocks additional use cases at the WAN edge with dynamic addressing, but requires careful design for multi-link dynamic scenarios.

7) Support for SecureXL Kernel Mode (KPPAK)

• SD-WAN is supported when SecureXL runs in Kernel Mode (KPPAK) starting with R81.20 Jumbo Hotfix Take 96 (and continuing in R82.x).

Practical impact: reduces friction between SD-WAN and performance/acceleration requirements in environments that rely on Kernel Mode.

Resolved issues (consolidated view)

• Overlay VPN between different domains (via Global VPN Community in MDS) — R81.20 Take 79+ / R82.x.

• Official support for PBR and dynamic routing — R81.20 Take 79+ / R82.x.

• Symmetric inbound return path — R81.20 Take 79+ / R82.x.

• Expanded gateway scale in Star VPN — 400 (and 500 in R82.x Early Availability).

• Support for SecureXL Kernel Mode (KPPAK) — R81.20 Take 96+ / R82.x.

• Multiple limitations clarified and moved into official documentation status.

Important limitations still present

• No support for VPN Implicit MEP when only some central gateways use SD-WAN (R81.20 / R82.x).

• No support for Overlay VPN over VTI Unnumbered (R81.20 / R82.x).

• No support for interfaces with Network Type “Private” (Non-Monitored) (R81.20 / R82.x).

• No support for SD-WAN on VSX, Maestro, or Active-Active clusters (R81.20 / R82.x, addressed only in future versions / Early Availability per sk180605).

• Some DAIP and static NAT limitations still apply (R81.20 / R82.x) and should be validated case-by-case.

•  

Future possibilities (as indicated/outlined around the sk)

• Up to 500 gateways in Star VPN Community (R82.x Early Availability).

• QoS, monitoring, and enhanced NAT (new capabilities announced for 2025, R82.x Early Availability).

• Expanded support for cloud clusters (Geo Cloud Cluster in AWS, OCI, etc.).

• Ongoing improvements to Infinity Portal integration and onboarding automation.

• Broader coverage for hybrid and multi-cloud operational patterns.

Visual summary

Reference (canonical source)

• sk180605 (Quantum SD-WAN known limitations / documented changes and status)

• Quantum SD-WAN Administration Guide (configuration behavior and validations)

If you want, I can add a short “validation checklist” for upgrades to R82.x focusing on the failure modes these changes directly address (multi-ISP inbound symmetry, cross-domain overlay, PBR precedence, and SecureXL KPPAK).