About xuserjam

Can somebody check this?   admin@PA850-FW1(active)> show session id 117862 Session 117862 c2s flow: source: 10.0.1.51 [SNS_VPN] dst: 10.0.0.2 proto: 1 sport: 1 dport: 12088 state: INIT type: FLOW src user: vpn_user1 dst user: unknown s2c flow: source: 10.0.0.2 [SNS Trust] dst: 10.0.1.51 proto: 1 sport: 12088 dport: 1 state: INIT type: FLOW src user: unknown dst user: vpn_user1 pbf rule: Web Access 1 start time : Sun Jul 25 13:27:24 2021 timeout : 6 sec total byte count(c2s) : 74 total byte count(s2c) : 74 layer7 packet count(c2s) : 1 layer7 packet count(s2c) : 1 vsys : vsys1 application : ping rule : GPZone_to_SNS_Zone service timeout override(index) : False session to be logged at end : True session in session ager : False session updated by HA peer : False layer7 processing : enabled URL filtering enabled : False session via syn-cookies : False session terminated on host : False session traverses tunnel : True session terminate tunnel : False captive portal session : False ingress interface : tunnel.1 egress interface : ae1 session QoS rule : N/A (class 4) tracker stage firewall : Aged out end-reason : aged-out   What I am missing here? I can ping internal (trust) PA interface IP (10.0.0.254) from VPN connected host, but any host from the 10.0.0.x network is unreachable. 10.0.0.254 is the default GW.   ... View more