SDWAN Tunnel interface

Ariyarathna
Level 1

Hi friends,

Can you please help me to understand the tunnel concept used in SD-WAN.

1. What is the tunnel source address? (Is it the physical IP address bound to the tunnel?)

2. What is the tunnel IP address? (Is it the system IP?)

3. The WAN Edge device uses the same tunnel interface for the control connection (DTLS/TLS) and the data plane (IPsec). How does the router understand which traffic should be encapsulated using DTLS and which traffic should be encapsulated using IPsec?

4. In the DTLS connection, will the WAN Edge device encapsulate the encrypted packet with a new IP header?

Thank you very much for your support.

2 Replies

svemulap@cisco.com
Cisco Employee
Hi Ariyarathna -

> 1. What is the tunnel source address? (Is it the physical IP address bound to the tunnel?)
Yes. It is the physical IP address bound to the (D)TLS tunnel.

> 2. What is the tunnel IP address? (Is it the system IP?)
No. See above. The System-IP is not used for routing in SD-WAN. It is similar to the Router-ID on a regular router, which is the address used to identify the router from which packets originate.
The System-IP address is used internally as the loopback address of the device in the transport VPN (VPN 0).

> 3. The WAN Edge device uses the same tunnel interface for the control connection (DTLS/TLS) and the data plane (IPsec). How does the router understand which traffic should be encapsulated using DTLS and which traffic should be encapsulated using IPsec?
When it is talking to the controllers it is (D)TLS, and when it is talking site-to-site, it is encapsulated using IPsec.

> 4. In the DTLS connection, will the WAN Edge device encapsulate the encrypted packet with a new IP header?

We use tunnel mode. [It adds a new IP header.]

Check out the Design Guide: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/cisco-sdwan-design-guide.html
It has pretty good information on the solution end-to-end.

HTH
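To make the three addresses in the reply above concrete, here is an added illustrative WAN Edge configuration in Cisco IOS XE SD-WAN CLI. It is not from the original post or from Cisco's documentation; every address, the site-id and the organization-name are made up (RFC 5737 / private ranges), and it is deliberately minimal (one transport interface, no service-side VPN). The point it shows is the separation between the system-ip (identity only, loopback in VPN 0) and the physical interface IP (the tunnel source that ends up in the outer IP header of both the (D)TLS control connections and the IPsec data-plane tunnels built from that tunnel-interface):

```text
! Added example, not from the original post. All addresses, site-id and
! organization-name below are assumed values for illustration only.
system
 ! Identity of the router, comparable to a router-id. Lives in VPN 0 as a
 ! loopback-style address; it is NOT the source address of any tunnel.
 system-ip 10.255.0.1
 site-id 100
 organization-name "example-org"
 ! Controller reached first, over the (D)TLS control connection.
 vbond 198.51.100.10
!
! Physical WAN interface in the transport VPN (VPN 0). This address is the
! tunnel source: it is the source IP in the new (outer) IP header of the
! DTLS/TLS packets to vBond/vManage/vSmart and of the IPsec packets to other
! WAN Edges that use this tunnel-interface.
interface GigabitEthernet0/0/0
 ip address 203.0.113.10 255.255.255.0
 no shutdown
!
sdwan
 interface GigabitEthernet0/0/0
  tunnel-interface
   ! Data-plane encapsulation used toward other WAN Edges (site-to-site).
   ! Control connections to the controllers are not affected by this line;
   ! they are always DTLS or TLS.
   encapsulation ipsec
   color biz-internet
   allow-service all
  exit
 exit
!
```

To check the mapping on a running device: `show sdwan control local-properties` lists the system-ip alongside the per-interface private/public IP that is advertised as the tunnel source; `show sdwan control connections` lists each controller session with its protocol (dtls or tls) and peer; and `show sdwan bfd sessions` lists the data-plane tunnels to other WAN Edges with their encapsulation (ipsec) and the local source IP, which should be the physical interface address, not the system-ip. The router does not need a per-packet rule to pick DTLS versus IPsec: control-plane sessions to controller peers are established as (D)TLS, and data-plane tunnels to WAN Edge peers are established as IPsec, so the destination peer type decides the encapsulation.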

Thank you very much for the reply. Please help me to confirm the following understanding.

So, in point 4, the controller DTLS connection will also use tunnel mode, and in this case the new IP header's address and the original IP header's address are both equal to the physical interface IP address.