The situation is this. After the normal traffic passes through the PA, it goes to the nginx proxy server in the DMZ. The nginx then sends the traffic to the back-end server, and finally the server sends the traffic to the nginx proxy server. The nginx then sends the traffic to the PA, and the PA is finally given to the user. However, this is the case. We are doing a PA online for a customer, replacing the CheckPoint with a PA. When PA was first launched, users could access applications normally. After a few hours, only computer access was found, and there was a problem with mobile phone access, and it would prompt failure to call the port. But the PA log shows that everything is normal, there is no blocked log, and we show that the traffic of the application is normal, and it is not blocked by TP, but the user's mobile phone can't access it, only the computer can access it. So we did a rollback, replaced the PA with a CP, and the user experience was normal. Why is that?
Is this all traffic on mobile phone which has issues?
Are you doing ssl decryption on the PA?
Which mode PA is vwire?
PA is export equipment. It is not possible for all mobile phones, but the computer is normal.
is any ssl decryption enabled for mobile users?
Might be trusted cert needed for the mobile users.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!