Since we updated to 6.5R2, any user that is running SAM or NC is unable to load pages from one of our DMZs. We're not the typical company since we have two network connections. I'll explain the setup:
Internet connection "A" has the Juniper appliances (Clustered A/P SA 6000s) with one leg in DMZ "A" and one in the Internal network. We also have another internet connection "B" and of course a DMZ "B". Connection "A" is newer, faster and has better backend hardware. Connection "B" is older and has 95% of our DMZ servers. Users have always been able to connect from outside through either connection "A" or "B" and route to either DMZ and the internal network just fine.
Then came 6.5R2... which we introduced for Win 7 support. Now, any user from any connection cannot route to the DMZ addresses. SAM and NC resolve the internal IP for the addresses but do not allow the users to reach those addresses. It's almost as if SAM and NC now are treating DNS differently than they had before.
Has anyone else experienced this? Let me know if you'd like more information or clarification. Thanks for reading!
I resolved this just a few minutes ago. We had some internal routing issues that weren't apparent due to the network complexity. Routing was only working one way (connecting from outside to the internal resource). What wasn't working was the return route to the outside client. Once that was updated I was then able to route. That fixed NC completely. Then I had to redefine some SAM and web ACLs to fine-tune the allowances for our entire DMZ to be accessed from outside while logged in via SAM.