Edge drops packet as "rfc1918_cloud_drop" in biz policy reason. If the destination route matches non-secure cloud route like PR "v" route instead of secure route PSR due to no matching route. We will see this drop reason in Biz policy or DBGCTL output.

Log :

[NET] vc_pkt_print_track:217 dir: lan_to_wan, 192.168.2.1:1 <-> 172.16.1.1:0 proto 1, app 70, class 13, fc: 0x7ff3c063c1b0 policy "Default", reason "rfc1918_cloud_drop", count 200 path "8:vc_queue_ipv4_bh_bottom 7 8 31 32 34 39 46 48 49 50 61 91"

All SD-WAN Velocloud versions

The reason for the drop is cloud route attracts only internet bound traffic and if there is private subnet which needs to attracted to gateway by Biz policy edge would drop it. This would happen with default PR route as well. 

We should be using Secure default route or longest matching prefix instead of default 'v' or "PR" route.