Hi,
in the past we already observed issues with Meraki VPN (uses UDP) after an update from UTM SW-Version 9.705 to 9.707. We never managed to solve the issue, we needed to reimage the appliance to v9.705 to get the vpn back online. I observed ICMP unreachable messages on the outside interface. It looked, as if the UDP Port was not held open on the outside interface. (VPN connections coming from the outside interface (Internet ) weren´t working anymore).
Now I´m confronted with an similar issue with a different solution. This time it´s about MS Intune. The difference here is, that we are still on version 9.705, but face similar issues as observed in a different installation with 9.707. In this case the client is not able to send traffic over the already established DTLS VPN Tunnel. The MS Defender APP shows up as connected. When using the Edge Browser, the VPN symbol appears but no traffic is passing. I could solve this issue by denying UDP/443 to the VPN Gateway. In the traces I could observe high frame length packet length when using UDP. When TCP only is allowed everything works and I can see lower values in the frame length.
In the packetcaptures I can find icmp unreachable messages sent from the UTM to the MS VPN Gateway:
So are there any changes in behaviour since some time or also starting with v. 9.707?
Any ideas how to solve such an issue?
This thread was automatically locked due to age.