[IAG] After enabling policy control, the mobile phone cannot access intranet resources
Problem Description
After enabling the external network access policy, the mobile phone cannot access the internal network resources
Effective troubleshooting steps
- Deploy in IAG bridge mode and capture packets to see that the traffic from mobile phones to the intranet does not pass through IAG;
- Customers reported that mobile phone users could not access the intranet. After testing and turning off 4G, they could access the intranet normally.
- When testing the mobile phone to connect to the wireless network, the interception page will pop up automatically, prompting that it is blocked by the policy;
Root cause
When a mobile phone user connects to wireless, a detection domain name is automatically sent, triggering an interception policy that causes the phone to think that wireless is unavailable and traffic is forwarded via 4G, making it impossible to access the intranet.
solution
The problem is solved after the mobile phone is allowed to detect the domain name
Original Link
https://support.sangfor.com.cn/cases/list?product_id=22&type=1&category_id=24533&isOpen=true