the new instance is configured similar to working instance, everything in the split is configured as a deny (ip addresses and FQDN) we can see in the local pulse logs that it is execuded as an EXCLUDE ROUTE and it adds a related route through local interface - not throught the tunnel. the behavior on the new instance - TCP connections do not complete. We can not see the TCP (HTTPS) request start in the wireshark capture. It appears it is being blocked by local stack or sometype ofrouting issue. But ICMP will go out the route as expected to same destination IP.
... View more