Known issues

Citrix SD-WAN Orchestrator service has the following known issues:

SDWANHELP-1541: Error message is displayed when deploying in license in Citrix SD-WAN Orchestrator service. The licensing back office did not have a start date for the license, which is a required field for licensing service.

SDWANHELP-1632: When the correct IP address is not getting reported, the Dashboard page displays the system default management IP address ( even though a different IP address is assigned through DHCP. There is no impact on the appliance’s connectivity. The correct IP address is displayed on the Appliance Settings page.

SDWANHELP-1678: The Usage report at the network level generated for long duration (more than a day) takes longer time to fetch the statistics and no data is displayed on the UI.

SDWANHELP-1754: For the path MTU discovery, the path MTU probe events are enqueued for processing during a timer kick-off. A segmentation failure occurs in the case if a probe event is not valid when the actual execution is attempted.

SDWANHELP-1760: When the customer is out of SD-WAN Orchestrator Entitlements and tries to assign a license to the Citrix SD-WAN device, the license assignment fails with an incorrect error message.

SDWANHELP-1764: You cannot Stage and Activate a new configuration change. The memory and CPU fields are assigned some default values and that cannot be changed as there is no option available in the SD-WAN Orchestrator UI currently. This issue occurs as the default values vary from customer to customer.

SDWANHELP-1803: The Historical and Quality statistics do not get generated as the SD-WAN Orchestrator UI does not get the required device information to invoke call for statistics when the SD-WAN device is offline.

SDW-10104: Creating the transit nodes for the branches does not form virtual paths.

  • Workaround: Create the static virtual paths manually between the transit site and the branch nodes.

SDW-11355: For the existing Standard Edition (SE) devices, the Inspect action can be selected in firewall policies. Also, the Advanced Edition (AE) to SE conversion will not throw an error when there are existing firewall policies with Inspect action enabled. In both of these scenarios, no errors occur during the staging and activation.

SDW-11941: Advanced firewall functionalities don’t work in one of the following scenarios. Also, no audit error is seen while performing the following scenarios:

  • Downgrade of 1100-AE from 11.2.0 to lower builds which do not support advanced firewall functionalities
  • Conversion of 1100-AE to 1100-SE on 11.2.0

SDW-12976: Activation fails when configuring an appliance with Advanced Edition (AE). This is due to missing configuration elements related to the Anti-malware configuration.

  • Workaround: Save the Anti-malware configuration from the UI once again and perform staging and activation.

SDW-12977: SD-WAN AE activation might fail consistently if the edge security component is stuck to an unresponsive state. Rebooting the failing appliance must resolve the issue and allow activation to proceed.

SDW-13046: When you roll back the network software version to lower than version 11.2, sites configured as Advanced Edition (AE) fail to stage with the message - Package extraction failure. This is because AE is supported from version 11.2 and above.

  • Workaround: Configure the sites back to SE from AE, before rolling back the network to a previous 11.2 software version to avoid the Staging Failure.

SDW-13696: Before you convert the TRUSTED interface to UNTRUSTED which is used for the DNS proxy, you need to first delete it from the DNS proxy and then modify the interface type. Otherwise, you might see an audit error that says that Only a TRUSTED interface can be used for DNS Proxy.

SDW-14759: If you perform staging on a Citrix SD-WAN appliance with an inbuilt LTE modem before the appliance comes online, then the staging fails.

  • Workaround: Perform staging after the appliance comes online.

SDW-14863: When a custom WAN Optimization Rule with an Order Number greater than 2000 is added, Verify Config throws an error with the following error code as a custom rule attains lower priority than the Default Unclassified Traffic Rule:


  • Workaround: For a custom Wan Optimization Rule, use the Order Number value less than 2000.

SDW-15169: Scheduling Information of the appliance in Change Management Settings might display outdated data when the appliance reconnects to the Orchestrator after a factory reset.

  • Workaround: In the Change Management Settings, select the desired scheduled window and apply the same to the appliance. The appliance gets updated and the data between the appliance and the Citrix SD-WAN Orchestrator service gets synchronized.

SDW-15287: The previously created IPS rules that are global for all Citrix SD-WAN Edge Security sites are not migrated automatically.

  • Workaround: Recreate the IPS settings as part of profile creation and apply them to all Citrix SD-WAN Edge Security sites.

SDW-15522: While creating a site by cloning and deleting the original site leads to an error - Unable to find Site name belonging to Uiid < num >.

SDW-15677: While associating security profiles to a firewall profile, you might see the security profile information doesn’t get persisted. This happens when the security profile name starts with a non-alphabetic character or contains anything except alphanumeric, hyphen, and underscore.

  • Workaround: Rename the security profile to use alpha-numerics, hyphens, and underscores only starting with an alphabet.

SDW-16050: A change in the SSL inspection root Certificate Authority (CA) and the key will not be propagated to the SD-WAN appliance unless another edge security-related setting is also changed. This results in the SSL inspection being performed with the previous root CA.

  • Workaround: Change another setting related to edge security, then stage and activate it. This triggers the download and application of the root CA and key.

SDW-16128: Although the changes made in the SSID profiles are inherited by SSIDs created using these SSID profiles, the changes do not reflect in the SD-WAN Orchestrator GUI.

Known issues