We followed the product documentation and configured SSLVPN, but could not access the intranet after logging in to SSLVPN through SecoClient.
This is not a defect: the mechanism changed after version V500R001C30SPC300. When Network Extension is enabled, the firewall checks the reverse route when it sends SSLVPN packets. We changed the reverse-route mechanism after V500R001C30SPC300. The firewall now determines the source zone from the public IP address of the SSLVPN client PC, not from the SSLVPN client's private IP address.
We checked the firewall configuration and found two equal-cost default routes:
ip route-static 0.0.0.0 0.0.0.0 x.x.x.x
ip route-static 0.0.0.0 0.0.0.0 y.y.y.y
When the firewall checks the reverse route for the public IP address, the lookup may resolve to either of the two outbound interfaces, and those interfaces belong to two different zones (Untrust1 or untrust). The source zone must therefore be configured as both Untrust1 and untrust.
The firewall determines the source zone from the route to the public IP address of the SSLVPN client PC, not from the private IP address.
We configured the security policy's source zone to cover the zones of the two outbound interfaces.
rule name SSLVPN
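
The following check is an added example, not part of the original case or the vendor's tooling: it lists every zone that a reverse-route lookup over the equal-cost default routes can return and reports the ones missing from the rule's source zones. The sample configuration, its addresses and interface names are constructed, and the parser assumes a simplified configuration layout with next hops on directly connected subnets.

```python
import ipaddress
import re

# Constructed sample configuration (documentation addresses, hypothetical
# interface names); not taken from the original case.
SAMPLE = """\
interface GigabitEthernet1/0/1
 ip address 198.51.100.2 255.255.255.0
interface GigabitEthernet1/0/2
 ip address 203.0.113.2 255.255.255.0
firewall zone untrust
 add interface GigabitEthernet1/0/1
firewall zone name Untrust1
 add interface GigabitEthernet1/0/2
ip route-static 0.0.0.0 0.0.0.0 198.51.100.1
ip route-static 0.0.0.0 0.0.0.0 203.0.113.1
security-policy
 rule name SSLVPN
  source-zone untrust
  destination-zone trust
"""

def missing_source_zones(config, rule="SSLVPN"):
    """Zones a default-route reverse lookup can yield that the rule omits."""
    nets, zone_of, hops, allowed = {}, {}, [], set()
    iface = zone = cur_rule = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.match(r"ip address (\S+) (\S+)", line):
            nets[iface] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
        elif m := re.match(r"firewall zone (?:name )?(\S+)", line):
            zone = m.group(1)
        elif m := re.match(r"add interface (\S+)", line):
            zone_of[m.group(1)] = zone
        elif m := re.match(r"ip route-static 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
            hops.append(ipaddress.ip_address(m.group(1)))
        elif m := re.match(r"rule name (\S+)", line):
            cur_rule = m.group(1)
        elif (m := re.match(r"source-zone (\S+)", line)) and cur_rule == rule:
            allowed.add(m.group(1))
    # A default route exits through the interface whose connected subnet holds
    # its next hop; that interface's zone is a possible source zone.
    possible = {zone_of[i] for i, n in nets.items()
                if any(h in n for h in hops) and i in zone_of}
    return sorted(possible - allowed)
```

An empty result means the rule's source zones cover every zone the equal-cost default routes can resolve to.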