If packet size is greater than 1450 bytes with DF bit set with underlay/Transport path MTU of 1500, those packets are dropped by default while sending over sd-wan tunnel.

Versa sd-wan tunnel requires additional 80 to 120 bytes headers while sending customer traffic over sd-wan. Packets with size greater than 1450 bytes has to be fragmented before sending over sd-wan tunnel. If DF bit, those packets will be dropped. This is is not issue for TCP traffic because MSS is re-written during initial TCP handshake by re-adjusting to based on underlay/Transport Path MTU by considering Tunnel overhead to avoid fragmentation. It is possible that some of application using UDP (for example SIP phone, Radius client/server) may send packets with DF bit set. Versa has implemented feature to unset DF bit, fragment packets, send it over SD-WAN tunnel and on receiving end of tunnel packets are re-assembled, DF bit is restored and sent towards destination.

To enable DF bit override: