Citrix SD-WAN Orchestrator

Known issues

Citrix SD-WAN Orchestrator service has the following known issues:

Configuration and Management

Sometimes, displaying different statistics for the duration of one day and more takes time. This is more observable for one week and more. In some of the cases, the request does not get completed in time and the UI then shows - no statistics available.

[ SDWANHELP-1973 ]

When a site creation API request is made, the Citrix SD-WAN Orchestrator service displays the site but the site is nullified.

[ SDWANHELP-2230 ]

When you push the configuration from Citrix SD-WAN Orchestrator service to the Citrix SD-WAN appliance, the QoS Classes configuration for dynamic virtual paths does not take effect and the dynamic virtual paths do not reflect the configured rules.

[ SDW-19326 ]

The static virtual paths that are formed between a transit node and the branch sites are not getting deleted when the transit node configuration is removed.

Workaround: Delete the static virtual paths manually when the transit node configuration is removed.

[ SDW-16045 ]

Scheduling Information of the appliance in Change Management Settings might display outdated data when the appliance reconnects to the Orchestrator after a factory reset.

Workaround: In the Change Management settings, select the desired scheduled window and apply the same to the appliance. The appliance gets updated and the data between the appliance and the Orchestrator gets synchronized.

[ SDW-15169 ]

Activation fails when configuring an appliance with Advanced Edition (AE). This is due to missing configuration elements related to the Anti-malware configuration.

Workaround: Save the Anti-malware configuration from the UI once again and perform staging and activation.

[ SDW-12976 ]

Creating the transit nodes for the branches does not form virtual paths.

Workaround: Create the static virtual paths manually between the transit site and the branch nodes.

[ SDW-10104 ]


Upload of new Hosted Firewall VM image is failing in Citrix SD-WAN Orchestrator service.

[ SDW-18807 ]

Using the ping utility for All Sites, when you ping an IPv6 address the error message “Invalid IP address” is displayed.

[ SDW-18766 ]

Disabling the NTP servers for a site from the Citrix SD-WAN Orchestrator service GUI clears the existing NTP server entries from the Citrix SD-WAN appliance.

[ SDW-17906 ]

Error message is displayed when a Start or Stop action is attempted on a PPPoE session and the Start/stop operation is failing.

[ SDW-17763 ]

The Routing Domain column is not displayed on the Reports > Real Time > Statistics > Multicast Group table.

[ SDW-17671 ]

A change in the SSL inspection root Certificate Authority (CA) and the key will not be propagated to the SD-WAN appliance unless another edge security-related setting is also changed. This results in SSL inspection being performed with the previous root CA.

Workaround: Change another setting related to edge security, then stage and activate it. This triggers the download and application of the root CA and key.

[ SDW-16050 ]

Before you convert the TRUSTED interface to UNTRUSTED which is used for the DNS proxy, you need to first delete it from the DNS proxy and then modify the interface type. Otherwise, you might see an audit error that says that Only a TRUSTED interface can be used for DNS Proxy.

[ SDW-13696 ]

For the existing Standard Edition (SE) devices, Inspect action can be selected in firewall policies. Also, Advanced Edition (AE) to SE conversion throws an error when there are existing firewall policies with Inspect action enabled. In both of these scenarios, Staging and Activation work without any errors.

[ SDW-11355 ]

Platform and systems

Information associated with regions might be lost during some configuration changes.

[ SDWANHELP-2112 ]

You cannot Stage and Activate a new configuration change. The memory and CPU fields are assigned some default values and that cannot be changed as there is no option available in the SD-WAN Orchestrator UI currently. This issue occurs as the default values vary from customer to customer.

[ SDWANHELP-1764 ]

Citrix SD-WAN Orchestrator displays the real time report of all the configured VRRP instances. However, if a VRRP instance is enabled or disabled through Orchestrator, the VRRP real time report is not displayed.

[ SDW-18505 ]

In the Citrix SD-WAN 210 appliance, if you remove the add-on license, the services get disabled.

Workaround: Remove the firewall policy having security profile, stage, and activate the changes to convert the appliance to standard edition.

[ SDW-18031 ]

In the time interval between Staging and Activation, the policy names shown in reporting and logs might be incorrect or show as Unknown policy.

[ SDW-14057 ]


When a custom WAN Optimization Rule with Order Number greater than 2000 is added, Verify Config throws an error with the following error code as a custom rule attains lower priority than the Default Unclassified Traffic Rule.


Workaround: For a custom Wan Optimization Rule, use the order number value less than 2000.

[ SDW-14863 ]


On trying to configure management port 1/4 as a data port in the Fallback Configuration through the Citrix SD-WAN Orchestrator service, the error message Exceptions must derive from BaseException is displayed.

[ SDW-18835 ]


Assigning licenses to multiple sites simultaneously from Citrix SD-WAN Orchestrator service fails intermittently.

Workaround: Allocate license to one site at a time.

[ SDW-20045 ]

Known issues