R80.40 Take 77.
I've have 2 VS (let's call them Internal and External) which take identities from the Identity Collector, and it seems to work great.
When I post Intranet links on External thanks to Mobile Access Unified Policy, I configure who has access to what link based on AD group membership.
At this point, results are quite unreliable. Sometimes the link would appear, then at next login it wouldn't.
Checking the logs on Blade:Identity Awareness on External, I see that users are correctly mapped to their respective AD groups.
However, the Mobile Access logs provide "User does not belong to any group" upon login. Then after some time, it works. When the policy is pushed, the issue resets and I need to wait up to one hour, but sometimes more or less (the issue is quite undefined) before the links appear again.
I've tried to use Identity Sharing from Internal (close to AD) to External without much success, there it uses the internal VSX network to communicate between the VS on the ports 15XXX and 28XXX and it's all blocked because of local interface spoofing.
From what I see, I don't really think it's an IA issue because on External, users are consistently mapped to their groups from what I see in the logs, but Mobile Access doesn't seem to capture that or very inconsistently, so I was wondering if there were known scenario similar to this one that some of the community encountered which could provide some advice?