Hi everyone,
This is a weird issue and kind of a long write up so please bear with me. Long story short, on UTM we never had this issue, it started when we moved to XG and showed itself today.
Scenario : Client has a site to site VPN to a separate company that hosts Citrix server based apps. Connect the tunnel, set the Citrix instance and you get the desktop icons for the remote app. Easy enough. Here's the issue -- when they print via the remote app, it sends the print job locally as designed, but then after the job prints, all traffic is stopped. No inbound or outbound anywhere for anyone. I can continue to manage the firewall (XG 115, used fw 17.1 then downgraded to 17.04 - can't use that because the 'NAT' in the VPN tunnel doesn't work, updated to 17.08, issue persists) -- and I can ping all of the internal resources, though no traffic will move through the tunnels. Here's the head scratcher, if I disable the tunnel to the hosted apps, all connectivity comes back. There are other S2S tunnels in play as well, toggling the remote app tunnel allows connectivity through the rest of them, but if you send a print job it breaks again.
Anyone seen something similar to this before ? No logs anywhere that says anything what so ever, no IPS rules, no IDS rules, nothing like that and from the firmware downgrade everything was rebuilt anyway. I just can't figure out what is going on here. Ideas?
This thread was automatically locked due to age.
