Logging intrazone-default is something we hadn't considered. It's worth a shot to try. Thanks.

As for the allow rule, the current rule is: allow any external IP, tcp 443 to the NAT'ed DMZ address, application type ssl. That works for every external client except for clients using this one particular ISP's service. I've gone so far as to push an "allow any protocol, port, zone from a given source IP (including any application)" rule to the top of the rule base, and it made no impact on the problem.