I have set up a Pulse Secure cluster in my company using both internal and external interfaces.
Users get their IPs from this pool: 192.168.1.0/24 (for example).
I am seeing on my firewall traffic initiated from the external interface over the port 443 VIP to this subnet (192.168.1.0/24). This traffic is blocked on my firewall and nobody has complained about Pulse. I don't know why we have this behaviour.
Can you please explain why the external VIP is trying to communicate with the connected users?
@elyes I don't see a reason why the Ext. VIP is trying to reach the user tunnel subnet...😮 We should see only the return/reply traffic from the Ext VIP and that too should be destined to the user's public IP address.
Is it trying to reach all the connected users, or always just a few users?