Symptoms:
Traffic may be dropped at the Edges when traffic is initiated with a BGP peer IP address as Source behind a Partner Gateway when Secure BGP Routes are configured.

For eg. 
10.0.0.1 <> PG  <> Edge <> 172.16.0.1

Ping initiated from 10.0.0.1 towards 172.16.0.1 will be unsuccessful

VMware SD-WAN by VeloCloud
VMware SD-WAN

When traffic is initiated from the BGP neighbor behind the Partner Gateway as Source, it creates an unsecured flow in the Gateway, because the source route will be of type BGP-Peer, for which secure setting handling is not done properly.

However, if the source route lookup at the Edges returns a secure route, there will be a mismatch in the secure setting of the incoming traffic and route lookup.

This will result in source route lookup failure at the Edges.

This behavior is caused by a known issue #121513

NOTE:- Unsecured flow (with secure option disabled in PG) will not be impacted by this issue.

This behavior is fixed in the code by setting the secure options for the route appropriately.
The fix for this issue is available in 5.2.2 and 5.4.0

Workaround:
Instead of sourcing traffic from the BGP neighbor IP, use another source IP address behind the PG