Traffic inbound to an SD-WAN edge from the underlay is not being forwarded or being dropped.
Article ID: 390928

Updated On: 03-14-2025

Products

VMware SD-WAN, VMware SD-WAN by VeloCloud, VMware VeloCloud SD-WAN, VMware VeloCloud SD-WAN Edge Appliance, VMware VeloCloud SD-WAN Edge Enhanced Firewall Service, VMware VeloCloud SD-WAN with Premier Support

Issue/Introduction

Users may observe traffic being sent to the edge from the underlay (confirmed with packet captures on the ingress interface), but it is not forwarded beyond that point and is possibly being dropped, and no flow is seen in the Flow Dump results in Remote Diagnostics.

Environment

SD-WAN edge.

Cause

There can be a variety of reasons for traffic not to be forwarded; the following is a basic list of things to validate.

Resolution

1.  Ensure the edge has a valid route to the destination.

2.  Check for any firewall rules that would drop this traffic.

3.  Reverse Path Forwarding (RPF) may be dropping it.  If "Trusted Source" is not enabled on the ingress interface, RPF is on and set to strict by default, meaning there must be a matching route back to the source via this interface.  More information on these options can be found here.

4.  Check if NAT Direct is enabled and whether or not it should be.  If NAT Direct is enabled and this interface receives traffic destined to an IP other than the IP of the interface, it will get dropped.  This is because with NAT Direct, outbound traffic has its source IP NATed to the IP of this interface, so the edge expects inbound traffic on the interface to be destined to the IP of the interface.
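The four checks above can be walked through as a single decision procedure. The following is an added illustrative model, not VeloCloud code and not a description of the edge's actual forwarding pipeline: it applies the checks in the order listed (route to destination, firewall rule, strict RPF unless Trusted Source is set, NAT Direct destination check) to constructed sample packets and reports which check would drop each one. The route table, firewall rules, interface names and addresses are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical model objects (not the VeloCloud data model).
@dataclass(frozen=True)
class Interface:
    name: str
    address: str            # interface IP with prefix, e.g. "203.0.113.10/24"
    trusted_source: bool    # "Trusted Source" enabled -> RPF check skipped
    nat_direct: bool        # NAT Direct enabled -> inbound dst must be interface IP

@dataclass(frozen=True)
class Route:
    prefix: str
    interface: str          # egress interface for this prefix

@dataclass(frozen=True)
class FirewallRule:
    src: str
    dst: str
    action: str             # "allow" or "deny"; first match wins

def lookup_route(routes, ip):
    """Longest-prefix match; returns the Route or None if no route exists."""
    addr = ipaddress.ip_address(ip)
    best, best_len = None, -1
    for route in routes:
        net = ipaddress.ip_network(route.prefix)
        if addr in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best

def first_matching_rule(rules, src, dst):
    """Return the first firewall rule whose src/dst prefixes cover the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in ipaddress.ip_network(rule.src) and d in ipaddress.ip_network(rule.dst):
            return rule
    return None

def classify_inbound(packet, ingress, routes, rules):
    """Apply the KB checklist to one (src, dst) packet arriving on `ingress`."""
    src, dst = packet
    # Step 1: the edge needs a route to the destination.
    if lookup_route(routes, dst) is None:
        return "drop: no route to destination"
    # Step 2: a firewall rule may deny the flow.
    rule = first_matching_rule(rules, src, dst)
    if rule is not None and rule.action == "deny":
        return f"drop: firewall rule {rule.src} -> {rule.dst}"
    # Step 3: strict RPF unless Trusted Source is enabled on the ingress interface.
    if not ingress.trusted_source:
        back = lookup_route(routes, src)
        if back is None or back.interface != ingress.name:
            return "drop: strict RPF (no route back to source via ingress interface)"
    # Step 4: NAT Direct expects inbound traffic addressed to the interface IP.
    if ingress.nat_direct and ipaddress.ip_address(dst) != ipaddress.ip_interface(ingress.address).ip:
        return "drop: NAT Direct (destination is not the interface IP)"
    return "forward"

# Constructed sample topology: two WAN uplinks and one LAN, no default route.
SAMPLE_ROUTES = [
    Route("203.0.113.0/24", "WAN1"),   # WAN1 connected subnet
    Route("198.51.100.0/24", "WAN1"),  # remote site reachable via WAN1
    Route("192.0.2.0/24", "WAN2"),     # remote site reachable via WAN2
    Route("10.0.0.0/8", "LAN1"),       # internal networks
]
SAMPLE_RULES = [
    FirewallRule("198.51.100.0/24", "10.9.0.0/16", "deny"),
    FirewallRule("0.0.0.0/0", "0.0.0.0/0", "allow"),
]
WAN1_STRICT = Interface("WAN1", "203.0.113.10/24", trusted_source=False, nat_direct=False)
WAN1_TRUSTED = Interface("WAN1", "203.0.113.10/24", trusted_source=True, nat_direct=False)
WAN1_NAT_DIRECT = Interface("WAN1", "203.0.113.10/24", trusted_source=False, nat_direct=True)

def run_checklist():
    """Evaluate a set of constructed inbound packets and return {scenario: verdict}."""
    scenarios = {
        "normal":           (("198.51.100.5", "10.1.1.1"), WAN1_STRICT),
        "no_route":         (("198.51.100.5", "172.16.0.1"), WAN1_STRICT),
        "firewall_deny":    (("198.51.100.5", "10.9.1.1"), WAN1_STRICT),
        "rpf_fail":         (("192.0.2.7", "10.1.1.1"), WAN1_STRICT),      # source routed via WAN2
        "rpf_trusted":      (("192.0.2.7", "10.1.1.1"), WAN1_TRUSTED),     # Trusted Source skips RPF
        "natdirect_fail":   (("198.51.100.5", "10.1.1.1"), WAN1_NAT_DIRECT),
        "natdirect_ok":     (("198.51.100.5", "203.0.113.10"), WAN1_NAT_DIRECT),
    }
    return {name: classify_inbound(pkt, iface, SAMPLE_ROUTES, SAMPLE_RULES)
            for name, (pkt, iface) in scenarios.items()}

if __name__ == "__main__":
    for name, verdict in run_checklist().items():
        print(f"{name:16s} {verdict}")
```

The `rpf_fail` and `rpf_trusted` scenarios show the point of step 3: the same packet is dropped on a strict-RPF interface because the route back to 192.0.2.0/24 points out WAN2, and accepted once Trusted Source is enabled. The two NAT Direct scenarios show step 4: with NAT Direct on, only traffic addressed to the interface's own IP passes.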