Hello,
I recently set up ZTNA with our XGS (v20) as gateway to test ZTNA as an alternative to VPN.
Setting this stuff up worked like a charm until I reached the point of accessing resources...
I tried to add agentless resources with the internal FQDN server-A.mydomain.local on HTTPS/443 and then access them with an authenticated user.
But the browser returns error "no healthy upstream".
I can confirm that DNS resolution is working properly, because adding a different FQDN resource with a port other than 443 (e.g. Webadmin 4444 or any other internal web app that listens on a port other than 443) and accessing it was successful.
Is there any way to debug the behaviour on the firewall? I mean it is nice they added the ZTNA Gateway feature but without logs it is almost impossible to dig deeper in a specific direction.
My humble assumption is:
The ZTNA-related traffic somehow gets affected by the web proxy.
Because:
Running curl commands for two different web services on the console return different results.
curl https://server-A.mydomain.local:443
-> Reset by peer (the peer in that case is the upstream proxy we have to use; I could confirm it by using http/80 instead)
curl https://server-B.mydomain.local:9710
-> correct answer from actual webserver
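To make the curl comparison above repeatable, here is an added diagnostic script (not from the original post or from Sophos) that probes each resource host:port once directly and once through the upstream proxy and reports whether the proxy is the side that breaks the connection. The proxy URL and the host names are placeholders for your own environment.

```shell
#!/bin/sh
# Added example: isolate whether an upstream proxy, not the resource, causes the failure.
# UPSTREAM_PROXY is a placeholder; set it to the proxy the firewall is forced to use.
UPSTREAM_PROXY="${UPSTREAM_PROXY:-http://proxy.example.invalid:3128}"

# Map curl's documented exit status to a short verdict.
classify() {
  case "$1" in
    0)  echo "ok" ;;
    6)  echo "dns-failure" ;;
    7)  echo "connect-failed" ;;
    28) echo "timeout" ;;
    35) echo "tls-handshake-failed" ;;
    56) echo "reset-during-receive" ;;
    60) echo "reached-server-cert-untrusted" ;;   # TLS reached the real server
    *)  echo "curl-exit-$1" ;;
  esac
}

# probe HOST PORT MODE -> prints "HOST:PORT MODE VERDICT"
# "direct" bypasses every proxy (--noproxy '*'); "proxy" forces the upstream proxy.
probe() {
  host=$1; port=$2; mode=$3
  if [ "$mode" = "direct" ]; then
    curl -s -o /dev/null --noproxy '*' --max-time 5 "https://$host:$port/" 2>/dev/null
  else
    curl -s -o /dev/null --proxy "$UPSTREAM_PROXY" --max-time 5 "https://$host:$port/" 2>/dev/null
  fi
  echo "$host:$port $mode $(classify "$?")"
}

# reachable VERDICT -> true if the TLS handshake reached the actual web server.
reachable() { [ "$1" = "ok" ] || [ "$1" = "reached-server-cert-untrusted" ]; }

# verdict DIRECT_VERDICT PROXY_VERDICT -> one-word conclusion.
verdict() {
  if reachable "$1" && ! reachable "$2"; then echo "proxy-interferes"
  elif ! reachable "$1" && ! reachable "$2"; then echo "resource-or-dns-problem"
  else echo "no-proxy-issue"; fi
}

# compare HOST PORT -> runs both probes and prints the conclusion.
compare() {
  d=$(probe "$1" "$2" direct | awk '{print $3}')
  p=$(probe "$1" "$2" proxy  | awk '{print $3}')
  echo "$1:$2 direct=$d proxy=$p => $(verdict "$d" "$p")"
}

# Usage (placeholder hosts): compare server-A.mydomain.local 443; compare server-B.mydomain.local 9710
```

Run it on the firewall console or any host that sits on the same path; a "proxy-interferes" result for 443 together with "no-proxy-issue" for the non-443 port matches the behaviour described in the post.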