I tried to cut off network traffic generated by clientless user and clicked "Disconnect". The client was disconnected and no longer was able to use the Policy but... I was not able to reactive that client. Changing status to off and again to on did not help. Clientless "user" had been in Disconnected state until firwall reboot.
Is it a bug or feature ?
This thread was automatically locked due to age.