I suspect I'm missing something obvious, so I'm after some help please.
I've set up remote access using Azure AD auth (Identity Provider) - both for Mobile Access (with SNX) and client VPN. Both authenticate fine and I get an Office Mode IP. Great.
I've configured an Access Role where I've specified certain users from Azure AD. When I click "add" it browses Azure AD with no problem, and I select the users I want.
The Access Role is in a rule allowing access to the LAN.
But it doesn't work. It's as if nothing is being picked up on that Access Role rule. Traffic is dropped on the cleanup.
If I add a rule lower down to allow the Office Mode net to get to the LAN, then my traffic works on that rule.
I can't work out why my traffic isn't allowed on the Access Role rule which has my Azure name in it. Obviously I don't want to leave the Office Mode rule in, otherwise I have no way of creating rules based on the person. I presumed Access Roles should do this, but they are being completely ignored 😞
I've tried with and without Remote Access in the VPN column, and also tried with Captive Portal in the Accept column. No difference...
Does anyone have any ideas please?!