June 14th, 2021

VMware SD-WAN Orchestrator Version 343-20200910-GA
VMware SD-WAN Gateway Version R343-20200803-GA
VMware SD-WAN Edge Version R343-20200803-GA

Check regularly for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

Recommended Use

This release is recommended for all customers who plan to upgrade to Release 3.4.x, as well as those customers impacted by the issues listed below which have been resolved in previous 3.4.x Releases.

Compatibility

Release 3.4.3 Orchestrators, Gateways, and Hub Edges supports all previous VMware SD-WAN Edge versions greater than or equal to Release 3.0.0 (Note: this means releases prior to 3.0.0 are not supported, please consult the warning below for additional details).

The following interoperability combinations were explicitly tested:

Orchestrator

Gateway

Edge

Hub

Branch/Spoke

3.4.3

3.4.3

3.2.1

3.2.1

3.4.3

3.4.3

3.3.2 P2

3.3.2 P2

3.4.3

3.4.0

3.3.2 P2

3.3.2 P2

3.4.3

3.3.2 P2

3.3.2 P2

3.3.2 P2

3.4.3

3.4.1

3.4.1

3.4.1

3.4.3

*3.4.1*

*3.4.3*

*3.4.3*

3.4.3

3.4.3

3.4.3

3.4.1

3.4.3

3.4.3

3.4.1

3.4.3

3.4.3

3.4.3

3.4.3

3.3.2 P2

3.4.3

3.4.3

3.3.2 P2

3.4.3

3.4.3

3.4.3

3.3.1

3.4.3

3.4.3

3.2.1

3.2.1

3.2.1

3.4.3

3.4.3

3.2.1

3.4.3

3.4.3

3.4.3

3.2.1

3.2.1

3.4.3

3.4.3

3.4.3

3.2.1

3.4.3

3.4.2

3.4.2

3.4.2

3.4.3

3.4.3

3.4.3

3.4.2

3.4.3

3.4.2

3.4.2

3.4.3

3.4.2

3.4.3

3.4.2 

3.4.2

3.4.2

3.4.2

3.4.3

3.4.2

3.4.2

3.4.2

3.4.2

3.4.3

3.4.1

*3.4.1* 

*3.4.3* 

*3.4.3* 

3.4.1

3.4.2

3.4.3

3.4.2


* Warning * The clustering issues listed as Resolved below (#43309, #44354, #44792) required protocol changes to the information exchanged between the VMware SD-WAN Gateway and VMware SD-WAN Edge.  Though no issues were found during interoperability testing (and not all customers may experience issues), it has come to our attention that these protocol changes may cause a Spoke Edge to connect to more than one Hub in a cluster, which could potentially impact return routing of traffic.

As a result, Spoke Edges which connect to Hub Clusters must wait for Gateways to be upgraded to 3.4.2 prior to being upgraded themselves.


Warning: VMware SD-WAN Release 2.x (e.g. 2.4.4, 2.5.2, etc.) is no longer supported.

For more information regarding Release 2.x, including next steps, please consult the following KB article:

Announcement: End of Support Life for VMware SD-WAN Release 2.x.x (77221)


Document Revision History

June 14th. First Edition. (From a previously published edition at time of GA).

Resolved Issues

The resolved issues are grouped as follows.

Edge/Gateway Resolved Issues

Resolved in Version R343-20200803-GA

The below issues have been resolved since Edge version R342-20200610-GA, and Gateway version
R342-20200706-GA-46261-47204.

  • Fixed Issue 37208:

    When a VMware SD-WAN Edge is downloading an Edge Software Update, if the Edge stops receiving packets for more than 60 seconds the operation may stall for up to 4 hours before completing.

  • Fixed Issue 42167:

    If Dynamic Cost Calculation (DCC) is enabled, the update of OSPF attributes is not reflected on remote VMware SD-WAN Edges.

  • Fixed Issue 43141:

    If a customer enterprise has the OFC Cost Calculation > Distributed Cost Calculation feature enabled, the VMware SD-WAN Edges on this enterprise do not update the UPLINK cost properly.

  • Fixed Issue 43774:

    For a Non-VeloCloud Site (NVS) with a configured DH/PFS group, the IKE/IPSEC rekey proposal sends a set of DH/PFS groups and does not put the configured DH/PFS group first on the list.

  • Fixed Issue 44036:

    A VMware SD-WAN Gateway will suffer a Dataplane Service Failure if the command debug.py --list_edges is used.

  • Fixed Issue 44302:

    A VMware SD-WAN Edge with VNF enabled uploads monitoring data to the VMware SD-WAN Orchestrator that results in irregular patterns on the Monitor > Edge  > System graphs on the Orchestrator UI.

  • Fixed Issue 44379:

    A VMware SD-WAN Gateway may not start its flow clean-up event at bootup, which will cause flows via the Gateway to eventually fail.

  • Fixed Issue 45345:

    When a VMware SD-WAN Edge connected to a Zscaler GRE tunnel sends IP fragmented traffic, ISPs in France have been observed to incorrectly set the IP length in the GRE packet set to the length of the entire reassembled packet instead of the length of the first fragment and as a result the packets are dropped on the GRE tunnel.

  • Fixed Issue 45714:

    WebEx traffic is not classified properly, impacting the effectiveness of Business Policies configured for this application.

  • Fixed Issue 45745:

    Dynamic Bandwidth Adjustment may not work properly when 100% of the user traffic is encrypted.

  • Fixed Issue 45820:

    For LAN side NAT, port forwarding works only for one LAN subnet when the same NAT IP is configured for multiple LAN subnets

  • Fixed Issue 46062:

    When an update of remote dynamic routes is received on the VMware SD-WAN Gateway, it may be incorrectly ordered in the FIB if there is a local dynamic route for the same prefix.

  • Fixed Issue 46187:

    Diagnostic bundles for both the VMware SD-WAN Edge and the VMware SD-WAN Gateway do not include stale flow debugging logs.

  • Fixed Issue 46309:

    When creating IKE Descriptors on either a VMware SD-WAN Edge or VMware SD-WAN Gateway, unused objects are not cleaned up leading to increased memory consumption over time.  In rare cases with a high number of tunnels created and IKE re-keys, this slow leak will result in an "out of memory" condition for either the Edge or Gateway which will trigger a system restart to clear the memory.

  • Fixed Issue 46320:

    A pair of VMware SD-WAN Edge model 610’s may not be able to form a High Availability pair.

  • Fixed Issue 46330:

    On a VMware SD-WAN Edge, GRE tunnels stop working when the IP address of the underlying interface changes.

  • Fixed Issue 46366:

    A VMware SD-WAN Edge which receives a packet on a NAT-enabled routed interface with a destination IP different from the interface IP address may leak the flow corresponding to that packet.

  • Fixed Issue 46429:

    When a Non-VeloCloud Site has a state event (e.g. tunnel down/up), the start and end time values delivered to the VMware SD-WAN Orchestrator are each "0", which prevents the Orchestrator from correctly displaying the order of events for that NVS.

  • Fixed Issue 46604:

    If a customer advertises a default static route from a VMware SD-WAN Edge Hub and also configures a "non-secure" static route from a VMware SD-WAN Partner Gateway, the non-secure Partner Gateway static route is preferred over the Hub static route.

  • Fixed Issue 46606:

    A VMware SD-WAN Edge processing an unfragmented packet of length 1888 bytes from a Zscaler peer may suffer a Dataplane Service Failure.

  • Fixed Issue 46839:

    Dynamic Bandwidth Adjustment does not restore a WAN link’s original bandwidth value if the bandwidth decrease was a small percentage (10% or less) of the original rate.

  • Fixed Issue 46949:

    On a site with a High-Availability topology and a large number of flows in the system, synchronizing these flows to the VMware SD-WAN Standby Edge may cause the Edge to suffer a Dataplane Service Failure.

  • Fixed Issue 46980:

    In rare conditions where a VMware SD-WAN Cluster Hub tunnel to a VMware SD-WAN Gateway is down and a route advertisement is attempted at the same time, peer objects may be leaked on the Gateway.

  • Fixed Issue 47082:

    When connectivity between a VMware SD-WAN Hub Edge and Spoke Edges goes down, peer objects may be leaked on the Hub Edge.

  • Fixed Issue 47125:

    The VMware SD-WAN Edge 6X0 platform does not support Palo Alto Networks VNF’s.

  • Fixed Issue 47172:

    A VMware SD-WAN Edge may suffer a Dataplane Service Failure when handling more than 10,000 connections per second for more than 3 minutes sustained.

  • Fixed Issue 47173:

    The VMware SD-WAN Gateway will suffer a Dataplane Service Failure when performing NAT on PPTP traffic.

  • Fixed Issue 47218:

    Dynamic Branch-to-Branch is formed with a VMware SD-WAN Edge although there is no traffic towards that Edge if the same route is advertised with different preferences by different Edges.

  • Fixed Issue 47219:

    DNS replies with more than one level of indirection (see RFC1035 4.1.4) are not parsed correctly by the VMware SD-WAN Edge, leading to business policy rules based on those domain names not being applied.

  • Fixed Issue 47458:

    DSCP marking is reset to CS0 for underlay traffic when it traverses the VMware SD-WAN Edge.

  • Fixed Issue 47488:

    A VMware SD-WAN Spoke Edge’s management IP is advertised to the underlay BGP/OSPF on Hub-to-Spoke tunnels.

  • Fixed Issue 47491:

    If a VMware SD-WAN Spoke Edge sends a control message with an invalid segment ID (e.g. due to memory corruption) to a Hub Edge after a route or tunnel flap, the Hub Edge may suffer a Dataplane Service Failure.

  • Fixed Issue 47534:

    On a VMware SD-WAN Partner Gateway, ARP requests received on non-configured Handoff VLANs are processed and the source MAC learned if the ARP request is not double tagged. Also, on receiving an ARP request for a new IP/MAC entry, along with learning the mapping, a new ARP request is triggered to the source of the request. This may result in the ARP table filling and flushing repeatedly on the Partner Gateway depending on the topology.

  • Fixed Issue 47894:

    In extremely rare scenarios on a customer site using an Enhanced High-Availability topology, when an HA failover occurs, the site may end up in a state where the active VMware SD-WAN Edge has tunnels established to the VMware SD-WAN Gateway, but is not forwarding any traffic.

Orchestrator Resolved Issue

Resolved in Version R343-20200910-GA

The below issue has been resolved since Orchestrator version R343-20200804-GA.

  • Fixed Issue 48361:

    When a VMware SD-WAN Orchestrator is upgraded to Release 3.4.3 version 343-20200804-GA, links that are Stable are erroneously displayed as Unstable on the Network Overview page.

Orchestrator Resolved Issues

Resolved in Version R343-20200804-GA

The below issues have been resolved since Orchestrator version R342-20200708-GA.

  • Fixed Issue 30172:

    If a WAN link previously configured as auto-detect is then configured as user-defined, the auto-detect configuration is not removed by the VMware SD-WAN Orchestrator, and instead the newer user-defined instance is removed, and the link reverts to the auto-detect configuration.

  • Fixed Issue 31162:

    Users are unable to see statistics on the Monitor > Edge > Sources page if the hostname is unresolved.

  • Fixed Issue 37871:

    User cannot create or edit a Business Policy if there is an existing Business Policy that is configured to use a back-up link enabled interface for Link Steering.

  • Fixed Issue 42580:

    There is no warning message when a user tries to switch customer partner handoff on the VMware SD-WAN Orchestrator.

  • Fixed Issue 42964:

    Syslog configuration error messages on the VMware SD-WAN Edge’s Device Settings page do not help the user to easily identify that the error message is the result of an incorrect syslog configuration.

  • Fixed Issue 43113:

    UI/API validation sometimes erroneously flags VLAN DHCP settings for old Edges, or flags Edges that have been modified via the API as invalid.

  • Fixed Issue 44035:

    A customer enterprise that has disabled “Grant User Management Access to VeloCloud Support” still allows an Orchestrator Operator to view and configure a customer’s Wi-Fi password at the Edge or Profile level.

  • Fixed Issue 44653:

    In rare circumstances an Azure Virtual Hub NVS deployment may take up to twelve hours to complete.

  • Fixed Issue 44821:

    On a VMware SD-WAN Orchestrator configured for Disaster Recovery (DR), report files may be copied repeatedly from the Active to Standby Orchestrator, impacting the performance of other system processes.

  • Fixed Issue 45114:

    Reports do not account for all the VMware SD-WAN Edges in a customer enterprise if there are more than one million flows per day for one of these Edges.

  • Fixed Issue 45218:

    VMware SD-WAN Orchestrator allows Edge names that exceed the character limit of 255.

  • Fixed Issue 45252:

    Role Customization for the feature Device Configuration > Visibility Mode may only be configured at the Profile level, not the Edge level.

  • Fixed Issue 45274:

    Users are able to select a WAN overlay enabled interface as a source interface for syslog on the VMware SD-WAN Orchestrator.

  • Fixed Issue 45500:

    VMware SD-WAN Orchestrator web user interface does not display properly on Internet Explorer and Microsoft Edge browsers.

  • Fixed Issue 45704:

    Deletion of auto-detect WAN overlays will correctly update the link state on the VMware SD-WAN Orchestrator. When the deleted overlays are auto-detected again, they will not show up as a back-up link.

  • Fixed Issue 45929:

    VMware SD-WAN Edges lose contact with the VMware SD-WAN Orchestrator and appear offline when the user disables a model on a customer profile.

  • Fixed Issue 46134:

    The Conditional Backhaul flag is not applied for Business Policies configured for non-global segments.

  • Fixed Issue 47030:

    On the Alerts & Notifications section of the VMware SD-WAN Orchestrator, configuring Webhooks to deliver alerts does not work because the request signature is computed incorrectly for alerts.

Known Issues

Open Issues in Release 3.4.3

The known issues are grouped as follows.

Edge/Gateway Known Issues
  • Issue 08744:

    Passive FTP and TFTP will not work via 1:1 NAT

    Workaround: Please consult https://kb.vmware.com/s/article/2913337

  • Issue 14655:

    Plugging or unplugging an SFP adapter may cause the device to stop responding on the Edge 540, Edge 840, and Edge 1000 and require a physical reboot.

    Workaround: The Edge must be physically rebooted.  This may be done either on the Orchestrator using Remote Actions > Reboot Edge, or by power-cycling the Edge.

  • Issue 17411:

    1:1 NAT fails if a rule is created on a routed interface that has a subinterface, and the subinterface has a different IP than the 1:1 NAT rule. 

  • Issue 25302:

    If the dataplane service is disabled on the VMware SD-WAN Edge, a "Restart Services" does not work properly and a "Reboot" must be triggered to recover the Edge.

  • Issue 25855:

    A large configuration update on the Partner Gateway (e.g. 200 BGP-enabled VRFs) may cause latency to increase for approximately 2-3 seconds for some traffic via the VMware SD-WAN Gateway.

    Workaround: No workaround available.

  • Issue 36970:

    VMware SD-WAN Edge Firewall logging may incorrectly list the incoming interface as “VLAN-1” for traffic that was received from the cloud via 1:1 NAT.

  • Issue 37308:

    If a user deletes all the links configured to build GRE tunnels to Zscaler (but does not disable Cloud Security Service), then changes the Zscaler IP addresses and re-configures the links, the Edge must be restarted to route traffic over the GRE tunnels.

  • Issue 37664:

    When Edge-to-Edge via VMware SD-WAN Gateway is configured on the spoke, the routes of the cluster Hub remain unreachable for a few seconds.

  • Issue 37955:

    NetFlow Exporter may export the wrong flow path for peer-initiated flows sent directly between VMware SD-WAN Edges.

  • Issue 38682:

    A VMware SD-WAN Edge acting as a DHCP server on a DPDK-enabled interface may not properly generate “New Client Device" events for all connected clients.

  • Issue 38925:

    VPN flows are not synchronized properly between VMware SD-WAN Edges in a High Availability pair, which may cause stateful firewall sessions via VPN to stall on an HA failover.

  • Issue 39014:

    A VMware SD-WAN Edge service restart may be required when changing established Zscaler tunnels from IPsec to GRE to the same Zscaler IP address.

  • Issue 39134:

    The System health statistic “CPU Percentage” may not be reported correctly on Monitor > Edge > System for the VMware SD-WAN Edge, and on Monitor > Gateways for the VMware SD-WAN Gateway.

    Workaround: Users should use handoff queue drops for monitoring Edge capacity not CPU percentage.

  • Issue 39374:

    Changing the order of VMware SD-WAN Partner Gateways assigned to a VMware SD-WAN Edge may not properly set Gateway 1 as the local Gateway to be used for bandwidth testing.

  • Issue 39659:

    On a site configured for Enhanced High Availability, with one WAN link on each VMware SD-WAN Edge, when the standby Edge has only PPPoE connected and the active has only non-PPPoE connected, a split brain state (active/active) may be possible if the HA cable fails.

  • Issue 39384:

    Traffic initiated on a WAN-overlay enabled interface may be double counted in NetFlow statistics.

  • Issue 39464:

    When an SNMP agent is configured to listen on a non-default port, the SNMP Access firewall rule is not updated to that configured port.

  • Issue 39609:

    Incorrect packet loss may be reported when MPLS Classes of Service are enabled on one VMware SD-WAN Edge but not the peer Edge and link steering via business policy is configured.

  • Issue 40360:

    A default route learned through a VMware SD-WAN Hub Edge may not be removed on all Spoke Edges after deleting the route at the Hub.

  • Issue 40421:

    Traceroute is not showing the path when passing through a VMware SD-WAN Edge with an interface configured as a switched port.

  • Issue 40425:

    Direct Internet traffic from non-Global segments will fail if it matches a route that was learned in the Global segment.

  • Issue 40442:

    Enabling LAN-side NAT rules may reduce the maximum throughput possible through the VMware SD-WAN Edge by up to 10% (depending on the Edge model).

    Workaround: There is no workaround for this issue.

  • Issue 40497:

    Downloading a VNF image from AWS S3 will not succeed if the S3 bucket only supports Signature V4 authentication.

  • Issue 40696:

    Disabling BGP on a VMware SD-WAN Hub Edge that is active in a Cluster does not set the BGP route count for this Hub Edge to 0 and trigger an automatic failover as expected.

  • Issue 40777:

    Syslog export of VMware SD-WAN Edge events does not work to a server that is reachable over VPN only via a default (0.0.0.0/0) route.

  • Issue 40988:

    On VMware SD-WAN Edge models 500, 510, and 520, the Local UI may take a very long time to come up, or time out.

  • Issue 42577:

    Dynamic Bandwidth Adjustment does not run for a wired link that is converted to wireless.

  • Issue 42872:

    Routes on VMware SD-WAN Edge Spokes may not be removed as expected after enabling profile isolation when the Edges are connected to a VMware SD-WAN Hub Cluster.

  • Issue 43613:

    OSPF neighborship may not be established over a routed interface when the interface receives its DHCP IP after a delay.

  • Issue 43698:

    For a site using a High Availability topology, under rare conditions the VMware SD-WAN Edge may receive some events out of sequence resulting in the Standby Edge getting deactivated after becoming active. 

  • Issue 44233:

    A VMware SD-WAN Edge will suffer a Dataplane Service Failure while generating a diagnostic bundle if the command debug.py --remote_routes is executed on a VMware SD-WAN Gateway to which the Edge is connected.

    Workaround: There is no workaround for this issue.

  • Issue 44640:

    For a site using a High Availability topology, the VMware SD-WAN Standby may suffer a Dataplane Service Failure and restart when the Active Edge tries to sync a high number of flows (e.g., ~1.8M UDP flows) with the Standby Edge. The user will also observe a large number of HA_FAILED and HA_READY messages on the Orchestrator.

  • Issue 45189:

    With source LAN side NAT is configured, the traffic from a VMware SD-WAN Spoke Edge to a Hub Edge is allowed even without the static route configuration for the NAT subnet.

    Workaround: Configure a firewall rule to drop the traffic if the NAT subnet in not advertised.

  • Issue 45302:

    In a VMware SD-WAN Hub Cluster, if one Hub loses connectivity for more than 5 minutes to all of the VMware SD-WAN Gateways common between itself and its assigned Spoke Edges, the Spokes may in rare conditions be unable to retain the hub routes after 5 minutes. The issue resolves itself when the Hub regains contact with the Gateways.

  • Issue 45542:

    When a VMware SD-WAN Hub Edge is removed from a Hub Cluster, the Spoke Edges remain associated with that removed Hub Edge and are not reassigned to other Hub Edges in the Cluster.

    Workaround: For the Hub Edge that is removed, run the Remote Diagnostic utility “Redistribute Spokes excluding this Hub” found under the “Rebalance Hub Cluster” section.

  • Issue 45810:

    On A VMware SD-WAN Edge model 3400 or 3800 where the Intel X722 Controller uses older firmware, if the SFP1 and SFP2 interfaces are either empty, or populated with unsupported SFP modules, those SFP interfaces are not usable.  This condition in turn prevents the Edge Dataplane Service from starting, resulting in no customer traffic traversing the Edge.

    Workaround: Disable the SFP1 and SFP2 interfaces on the Interfaces section of the Configure > Edge > Device page on the VMware SD-WAN Orchestrator UI.

  • Issue 45842:

    When there are multiple routes learnt for the same prefix on a VMware SD-WAN Edge, a remote route that has been previously advertised to the BGP peer might be revoked during a tunnel flap with the remote peer and may never get advertised again.  

  • Issue 46053:

    BGP preference does not get auto-corrected for overlay routes when its neighbor is changed to an uplink neighbor.

    Workaround: An Edge Service Restart will correct this issue.

  • Issue 46137:

    A VMware SD-WAN Edge running 3.4.x software does not initiate a tunnel with AES-GCM encryption even if the Edge is configured for GCM.

  • Issue 46361:

    The jitter and latency values measured on a sub-path is reset and re-measured only when the sub-path is used again for data transmission. 

  • Issue 46628:

    The GE5 and GE6 ports on a VMware SD-WAN Edge 620/640/680 do not detect a link if the ports are configured with 100 Mbps and duplex.

  • Issue 46918:

    A VMware SD-WAN Spoke Edge using the 3.4.2 Release does not update the private network id of a Cluster Hub node properly.

  • Issue 47020:

    A VMware SD-WAN Gateway using Release 3.4.0 may mark a Non-VeloCloud Site tunnel as UP even though the tunnel is down.

  • Issue 47166:

    The snmpagent reports multiple datasets incorrectly from a VMware SD-WAN Edge, leading to incorrect measurements via SNMP polling which adversely affects a customer's monitoring service.

  • Issue 47355:

    When the same route is learned via local underlay BGP, Hub BGP and/or statically configured on the Partner Gateway, the sorting order of the routes is incorrect with the Hub BGP being preferred over the underlay BGP.

  • Issue 47591:

    The first flow of a stream classified as Realtime that uses dynamic Edge-to-Edge tunnels may have packet loss due to asymmetric routing across VMware SD-WAN Gateways and VMware SD-WAN Spoke Edges.

  • Issue 47664:

    In a Hub and Spoke configuration where Branch-to-Branch via Hub VPN is disabled, trying to U-turn Branch-to-Branch traffic using a summary route on an L3 switch/router will cause routing loops. 

    Workaround: Configure Cloud VPN to enable Branch-to-Branch VPN and select “Use Hubs for VPN”.  

  • Issue 47681:

    When a host on the LAN side of a VMware SD-WAN Edge uses the same IP as that Edge’s WAN interface, the connection from the LAN host to the WAN does not work.

  • Issue 47731:

    A VMware SD-WAN Edge with a business policy configured to rate limit traffic does not actually enforce rate limiting for downstream traffic. This issue is more likely to be seen in high bandwidth (e.g., 1 Gbps) traffic.

  • Issue 47925:

    A route which is learned over BGP will have an incorrect neighbor IP if the nexthop on the route is not the same as the neighbor’s IP.

  • Issue 47954:

    The Remote Action “Force HA Failover” does not work correctly for a customer site using VMware SD-WAN Edge models 5X0 or 6X0.  For this action, the failover is initiated but the original Active Edge persists as the Active in the HA pair and the Standby Edge is not promoted to the Active role.

    Workaround: There is no workaround for this issue.

  • Issue 48175:

    A VMware SD-WAN Edge running Release 3.4.2 will form an OSPF adjacency on a non-global segment if the non-global segment has an interface configured in the same IP range as an interface configured on the global segment

  • Issue 48462:

    When a VMware SD-WAN Edge is upgraded to Release 3.4.1, the default routes (i.e. route destination = 0.0.0.0) are removed from the Edge’s routing table and will result in users using that Edge not being able to access the internet. 

    Workaround: Restarting the Edge Service will restore the default routes. On the VMware SD-WAN Orchestrator for the affected Edge, go to Remote Actions > Service Restart.

  • Issue 48502:

    In some scenarios, a VMware SD-WAN Hub Edge being used to backhaul internet traffic may experience a Dataplane Service Failure due the improper handling of backhaul return packets.

  • Issue 48627:

    In rare instances, the VMware SD-WAN Edge may suffer a Dataplane Service Failure while processing TCP_SYN packets which include an 'Options' payload as the packet processing may continue beyond 'End of Options List' and trigger an exception.

    Workaround: There is no workaround for this issue.

  • Issue 48824:

    With 'Stateful Firewall' and 'Syslog Forwarding' enabled, the VMware SD-WAN Edge may suffer multiple Dataplane Service Failures due to asymmetric flows.

    Workaround: Please disable 'Syslog Forwarding' under the 'Firewall' tab of the VMware SD-WAN Orchestrator.

Orchestrator Known Issues
  • Issue 19566:

    After High Availability failover, the serial number of the standby VMware SD-WAN Edge may be shown as the active serial number in the Orchestrator.

  • Issue 20900:

    If the MaxMind geolocation service is enabled and cannot reach the MaxMind server, new VMware SD-WAN Edge activations will not work.

  • Issue 24269:

    Monitor > Transport > Loss not graphing observed WAN link loss while QoE graphs do reflect this loss. 

  • Issue 32335:

    The ‘End User Service Agreement’ (EUSA) page throws an error when a user is trying to accept the agreement.

    Workaround: Ensure no leading or trailing spaces are found in Enterprise Name.

  • Issue 33026:

    The ‘End User Service Agreement’ (EUSA) page does not reload properly after deleting the agreement.

  • Issue 35658:

    When a VMware SD-WAN Edge is moved from one profile to another which has a different CSS setting (e.g. IPsec in profile1 to GRE in profile2), the Edge level CSS settings will continue to use the previous CSS settings (e.g. IPsec versus GRE). 

    Workaround: Disable and then reenable GRE at the Edge level to resolve the issue.

  • Issue 35667:

    When a VMware SD-WAN Edge is moved from one profile to another profile which has the same CSS setting but a different GRE CSS name (the same endpoints), some GRE tunnels will not show in monitoring.

    Workaround: Disable and then reenable GRE at the Edge level to resolve the issue.

  • Issue 38843:

    When pushing an application map, there is no Operator event, and the Edge event is of limited utility.

  • Issue 39790:

    The VMware SD-WAN Orchestrator allows a user to configure a VMware SD-WAN Edge’s routed interface to have greater than the supported 32 subinterfaces, creating the risk that a user can configure 33 or more subinterfaces on an interface which would cause a Dataplane Service Failure for the Edge.

  • Issue 40341:

    Though the Skype application is properly categorized on the backend as Real Time traffic, when editing the Skype Business Policy on the VMware SD-WAN Orchestrator, the Service Class may erroneously display “Transactional”.

  • Issue 40567:

    A user is able to clone a customer enterprise even though the customer's profile includes partner gateways (which cannot be cloned) and there is no clear error message about why attempting this will not work.

  • Issue 40746:

    Connected subnets and static routes associated with subinterfaces may not show up as expected on the Configure > Overlay Flow Control screen of the VMware SD-WAN Orchestrator.

    Workaround: Ignore the duplicate event.

  • Issue 41691:

    User cannot change the 'Number of addresses' field although the DHCP pool is not exhausted on the Configure > Edge > Device page.

  • Issue 43276:

    User cannot change the Segment type when a VMware SD-WAN Edge or Profile has a VMware SD-WAN Partner Gateway configured.

  • Issue 46482:

    If a site using VMware SD-WAN Edge 540’s configured in High-Availability is upgraded to Edge software release 3.4.1, the VMware SD-WAN Orchestrator will display this site’s HA status as “Standby Failed”.

  • Issue 47269:

    The VMware SD-WAN 510-LTE interface may appear for Edge models that do not support an LTE interface. 

  • Issue 47279:

    The IKE/IPSEC Template is not correct for the Non-VeloCloud Site type “Generic Firewall” (Policy Based VPN).

  • Issue 47713:

    If a Business Policy Rule is configured while Cloud VPN is disabled, the NAT configuration must be reconfigured upon enabling Cloud VPN.

  • Issue 47820:

    If a VLAN is configured with DHCP disabled at the Profile level, while also having an Edge Override for this VLAN on that Edge with DHCP enabled, and there is an entry for the DNS server field set to none (no IP configured), the user will be unable to make any changed on the Configure > Edge > Device page and will get an error message of ‘invalid IP address []’ that does not explain or point to the actual problem.

  • Issue 47910:

    When a Non-VeloCloud Site with type Checkpoint has its configuration modified through the Monitor > Network Services screen, the primary VPN goes down due to the VMware SD-WAN Orchestrator pushing a configuration update which includes the wrong NVS type.

check-circle-line exclamation-circle-line close-line
Scroll to top icon