We have an app that makes a decision about the template it uses based on if a request is AJAX or not (Which is universally triggered by the X-Requested-With HTTP header). It would seem that this value is not passed along by our Juniper VPN, so while this solution works great with normal operations, the Juniper VPN is breaking this.
Is there a way around this?
I would suggest you to try and enable "allow" custom headers on the SA for all the resource if it's not enabled.
If the above doesn't resolve your issue - I would suggest you to open a JTAC ticket as the fasted way to find an answer for the same.
As AJA indicated, this should be resolved by enabling custom headers. This is an option that resolves 90%+ of the failures with AJAX through the rewriter; if it does not, please work with JTAC for further investigation.