Citrix SD-WAN Orchestrator

Known issues

October 28, 2021

Citrix SD-WAN Orchestrator service has the following known issues:

Configuration and Management

If a site is added to the configuration before performing staging and activation, enabling HA on the site post activation with a new serial number for the secondary appliance triggers auto-deployment of the newly added appliance. The staging fails with the error Staging Failed (Failed to download script files).

Workaround: After enabling HA, do a full network stage and activate process to deploy the HA appliance.

[ SDW-22567 ]

The WAN-OP Settings > SSL Profiles > Add section of the UI fails to display the list of newly created WAN optimization rules in the Service classes drop-down list.

Workaround: Create an SSL profile without specifying service classes, and then edit the same profile. The list of WAN optimization rules is displayed.

[ SDW-21734 ]

When the transit node configuration is removed, the static virtual paths between a transit node and the branch sites are not deleted.

Workaround: Delete the static virtual paths manually when the transit node configuration is removed.

[ SDW-16045 ]

Scheduling Information of the appliance in Change Management Settings might display outdated data, when the appliance reconnects to the Orchestrator after a factory reset.

Workaround: In the Change Management settings, select the desired scheduled window and apply it. The appliance is updated and the data between the appliance and the Orchestrator is synchronized.

[ SDW-15169 ]

Creating the transit nodes for the branches does not form virtual paths.

Workaround: Create the static virtual paths manually between the transit site and the branch nodes.

[ SDW-10104 ]


The UI displays an audit error when users try to configure VRRP. The error message states that VRRP IP cannot be configured for virtual IP with In-band management. This issue occurs when In-band management is not selected, Internet service is enabled, and there is only 1 routing domain.

[ SDWANHELP-2380 ]

Citrix SD-WAN Orchestrator service incorrectly reports that the In-band management is triggered although it is not used. This issue occurs when In-band provisioning is enabled on the SD-WAN appliance.

[ SDWANHELP-2363 ]

During staging or activation, fetching real-time statistics data from a site fails. It is because, the SD-WAN appliance gives higher priority to the Staging and Activation process compared to that of fetching the real-time statistics data.

[ SDWANHELP-2227 ]

A change in the SSL inspection root Certificate Authority (CA) and the key will not be propagated to the SD-WAN appliance unless another edge security related setting is also changed. This results in SSL inspection being performed with the previous root CA.

Workaround: Change another setting related to edge security, then stage and activate it. This triggers the download and application of the root CA and key.

[ SDW-16050 ]

Before you convert the TRUSTED interface to UNTRUSTED which is used for the DNS proxy, delete it from the DNS proxy and then modify the interface type. Otherwise, you might see an audit error Only a TRUSTED interface can be used for DNS Proxy.

[ SDW-13696 ]

For the existing Standard Edition (SE) devices, the Inspect action can be selected in firewall policies. Also, Advanced Edition (AE) to SE conversion throws an error when there are existing firewall policies with Inspect action enabled. In both of these scenarios, Staging and Activation work without any errors.

[ SDW-11355 ]

Platform and systems

In the Citrix SD-WAN 210 appliance, if you remove the add-on license, the services get disabled.

Workaround: Remove the firewall policy having security profile, stage, and activate the changes to convert the appliance to standard edition.

[ SDW-18031 ]

SD-WAN Orchestrator

If partial software upgrade was enabled and when the user changes the value of Ignore incomplete, the partial software upgrade value gets disabled. If Ignore incomplete was enabled and when the user changes value of partial software upgrade, the Ignore incomplete value gets disabled.

[ SDW-22503 ]

Known issues