I am facing a very strange issue with Identity Awareness. I want to make a new implementation where a remote access user will have access to AWS through a site-to-site VPN. I am using Identity Collector.
The flow of the user is like this:
User --> External VS.1 (Identity Awareness Rule) --> External VS.2 (Identity Awareness Rule) --> AWS
The site-to-site VPN is established on External VS.2.
The strange behavior is that the user matches the identity rule at External VS.1 but not at External VS.2. As a result I am dropping at the drop rule and I cannot connect to my resources at AWS.
Do you have any idea why Identity Awareness rules are matching only at one of my two VS?
I have the Identity Awareness blade active on both firewalls.