Known issues

Citrix SD-WAN Orchestrator has the following known issues:

SDWANHELP-1541: Error message is displayed when deploying license in Citrix SD-WAN Orchestrator. The licensing back office did not have a start date for the license, which is a required field for licensing service.

SDW-9903: When moving a branch from one region to another, the dynamic routes already learned in the network are not purged. This might lead to some overlay routing issues.

  • Workaround: When a branch is moved from one region to another, manually purge all dynamic routes that are learned using the device GUI.

SDW-10104: Creating the transit nodes for the branches does not form virtual paths.

  • Workaround: Create the static virtual paths manually between the transit site and the branch nodes.

SDW-10283: When software upgrade to version 11.1.0.227 is done from an appliance which has Virtual WAN service disabled and is relying on only the LTE link for internet connectivity, the activation of the appliance does not complete and the appliance goes offline.

  • Workaround: Enable Virtual WAN service after the software upgrade is completed, which can be confirmed by checking the appliance UI.

SDW-10350: In some rare scenarios, some of the appliances do not proceed to activation if activation was triggered when staging was in progress.

  • Workaround: Staging and activation can be retried to activate the appliance after 20 minutes for software upgrade or 5 minutes for configuration update.

SDW-11224: While performing the software upgrade on networks with the Cloud Direct enabled sites, the activation status for such sites gets stuck in progress even after completion.

  • Workaround: Perform the configuration upgrade after the software upgrade. This can be done either using the same configuration or the modified configuration.

SDW-11355: For the existing Standard Edition (SE) devices, the Inspect action can be selected in firewall policies. Also, the Advanced Edition (AE) to SE conversion will not throw an error when there are existing firewall policies with Inspect action enabled. In both of these scenarios, no errors occur during the staging and activation.

SDW-11941: Advanced firewall functionalities don’t work in one of the following scenarios. Also, no audit error is seen while performing the following scenarios:

  • Downgrade of 1100-AE from 11.2.0 to lower builds which do not support advanced firewall functionalities
  • Conversion of 1100-AE to 1100-SE on 11.2.0

SDW-12934: The security reports for the SD-WAN 210 AE appliance are not seen on the SD-WAN Orchestrator UI. The issue happens due to the first-boot timing issue, where the database user gets created but permissions are not granted.

SDW-12976: Activation fails when configuring an appliance with Advanced Edition (AE). This is due to missing configuration elements related to the Anti-malware configuration.

  • Workaround: Save the Anti-malware configuration from the UI once again and perform staging and activation.

SDW-12977: SD-WAN AE activation might fail consistently if the edge security component is stuck to an unresponsive state. Rebooting the failing appliance must resolve the issue and allow activation to proceed.

SDW-12994: When the Force Internal VIP Matching is enabled along with subnets which match the network subnets of the Virtual IP address, would cause an audit error leading to failure of deployment.

  • Workaround: Do not enable the Force Internal VIP Matching option.

SDW-13046: When you roll back the network software version to lower than version 11.2, sites configured as Advanced Edition (AE) fail to stage with the message - Package extraction failure. This is because AE is supported from version 11.2 and above.

  • Workaround: Configure the sites back to SE from AE, before rolling back the network to a previous 11.2 software version to avoid the Staging Failure.

SDW-13419: In production mode, when you have licenses assigned to all sites (that is, no spare licenses), and making a change to a site’s bandwidth, platform, or appliance edition, then the site becomes unlicensed.

  • Workaround: Manually reassign the license to the site.

SDW-13696: Before you convert the TRUSTED interface to UNTRUSTED which is used for the DNS proxy, you need to first delete it from the DNS proxy and then modify the interface type. Otherwise, you might see an audit error that says that Only a TRUSTED interface can be used for DNS Proxy.

SDW-13931: When a perpetual user enters an add-on entitlement, SD-WAN Orchestrator indicates that the license billing model does not match the customer billing model.

SDW-13946: When a configuration update is done for a network, a device can intermittently go into an Activation Pending state after it has been marked as Activation Complete. This occurs if the SD-WAN Orchestrator checks for auto-correction during the period the device has marked Activation Complete and the new configuration version running on this device is yet to be received by SD-WAN Orchestrator.

The newly issued activation command sees the version of the running software and its configuration and relays to SD-WAN Orchestrator that auto-correction is not needed; moving the device to Activation Complete state.

Known issues