So, Ive reviewed the documentation around proxy servers, and enabled "Detect From IE" on client.
I have split tunnelling enabled, or send all traffic to GW set to "NO".
The ENC domain for the GW object looks ok, in that its only internall addresses / networks.
However, when I launch a browser tab, which should launch the PAC file connection, I see it being forced into the client VPN, and being dropped by the GW.
It seems the routing / VPN config is wrong here.
What would be the most likely issue here, or place to start investigating?
Am I correct to assume the desktop policy doesnt even come into play here, give the traffic is routing over the VPN?