Arturxr
Explorer

stealth rule conflict mobile access rule

Rule 1 conflicts with Rule 2 for Services & Applications "https" when installing the policy.

Rule 1 is the stealth rule - SRC: Any, DST: GWs, Services: Any, Action: Drop

Rule 2 is in the Mobile Access rule layer - SRC: IPs, DST: GW, Services: https, Action: Drop

Tell me why the rules conflict and what needs to be changed in order for the policy to be installed.

0 Kudos
13 Replies
G_W_Albrecht
Legend

I do not understand what you are trying to achieve - Rule 1 (Any, GWs, Any, Drop) is the big brother of (IPs, GWs, https, Drop) and will always shadow Rule 2! So just leave out Rule 2...

CCSE CCTE CCSM SMB Specialist
0 Kudos
Arturxr
Explorer

I made a mistake in the description: in the second rule the action is Accept.

According to the Mobile Access R80.30 Administration Guide, in "Mobile Access and the Unified Access Policy - Best Practices for Rules":
"Do not use a gateway as the Destination in a Mobile Access rule. The rules authorize a user's access to an internal resource. Use Any or the internal hosts of relevant applications in the Destination column."

We set the portal address in Destination (the portal address is the external virtual interface of the cluster); after that our traffic is dropped by the implied rules - "dropped by multiportal infrastructure".

0 Kudos
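The shadowing argument from the reply above (an Any/GWs/Any/Drop rule placed first covers every packet a later IPs/GW/https rule could match, so the later rule never fires) and the correction that the second rule's action is Accept can be checked mechanically. The block below is an added example, not code from the thread and not Check Point tooling: it models an ordered rulebase with ANY as a wildcard and reports each later rule that is fully covered by an earlier one, flagging it as a conflict when the actions differ. The object names "GW", "partner-ips" and "https" are constructed stand-ins for the poster's gateway, source IPs and service objects.

```python
"""Rule-shadowing check for an ordered firewall rulebase (added example).

A later rule is shadowed when an earlier enabled rule matches every
source, destination and service the later rule matches. If the two
actions differ (Drop above Accept) the later rule is unreachable and
contradicts the intent; if they are equal it is merely redundant.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

ANY = None  # wildcard column value: matches every object


@dataclass(frozen=True)
class Rule:
    name: str
    src: Optional[FrozenSet[str]]   # ANY or a set of object names
    dst: Optional[FrozenSet[str]]
    svc: Optional[FrozenSet[str]]
    action: str                     # "Accept" or "Drop"
    enabled: bool = True


def covers(outer: Optional[FrozenSet[str]], inner: Optional[FrozenSet[str]]) -> bool:
    """True if every object matched by `inner` is also matched by `outer`."""
    if outer is ANY:
        return True
    if inner is ANY:
        return False  # a concrete set never covers a wildcard
    return inner <= outer


def rule_covers(earlier: Rule, later: Rule) -> bool:
    """True if `earlier` matches everything `later` would match."""
    return (covers(earlier.src, later.src)
            and covers(earlier.dst, later.dst)
            and covers(earlier.svc, later.svc))


def find_shadowed(rules: List[Rule]) -> List[Tuple[str, str, str]]:
    """Return (earlier, later, kind) for every fully covered later rule.

    Disabled rules are ignored, which mirrors the thread: the install
    succeeded once the stealth rule was disabled. Only the first covering
    rule is reported, since first match decides what happens to the packet.
    """
    active = [r for r in rules if r.enabled]
    findings = []
    for i, later in enumerate(active):
        for earlier in active[:i]:
            if rule_covers(earlier, later):
                kind = "conflict" if earlier.action != later.action else "redundant"
                findings.append((earlier.name, later.name, kind))
                break
    return findings


def thread_rulebase() -> List[Rule]:
    """The two rules from the thread in the order that failed to install.

    Constructed objects: 'GW' stands for the gateway object, 'partner-ips'
    for the Mobile Access source network, 'https' for the service.
    """
    stealth = Rule("Stealth", ANY, frozenset({"GW"}), ANY, "Drop")
    mobile = Rule("MobileAccess-Portal", frozenset({"partner-ips"}),
                  frozenset({"GW"}), frozenset({"https"}), "Accept")
    return [stealth, mobile]


def fixed_rulebase() -> List[Rule]:
    """Same rules with the Mobile Access rule moved above the stealth rule,
    the reordering that later in the thread let the policy install."""
    stealth, mobile = thread_rulebase()
    return [mobile, stealth]


if __name__ == "__main__":
    for label, rb in (("as posted", thread_rulebase()), ("reordered", fixed_rulebase())):
        print(label, find_shadowed(rb))
```

Run as posted, the checker reports the stealth rule shadowing the Mobile Access rule as a conflict; reordered, it reports nothing, because a concrete source set (partner-ips) and a single service (https) cannot cover the stealth rule's Any columns. The check is deliberately conservative: partial overlap between two rules is ordinary and is not reported, only complete coverage.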
G_W_Albrecht
Legend

Sorry, I cannot understand you. You have two conflicting rules in your first post, both with Dest GW, and now you tell us: do not use a gateway as the Destination in a Mobile Access rule.

CCSE CCTE CCSM SMB Specialist
0 Kudos
the_rock
Legend

I know lots of people may disagree with what I will say, but I always found the stealth rule in the policy not that useful. If you think about it, the implicit cleanup rule would block any unwanted traffic, but it's true that at the end of the day the stealth rule does serve the purpose of blocking communication to the firewall itself.

Anyway, back to your issue... I'm also a little confused, like @G_W_Albrecht. Can you send a screenshot? I think it would help... happy to do a remote session if you like and help you out.

0 Kudos
Arturxr
Explorer

[attachment: New_Policy.jpg]

[attachment: Policy_inst_Error.jpg]

0 Kudos
G_W_Albrecht
Legend

I would suggest that you better ask TAC for a solution...

CCSE CCTE CCSM SMB Specialist
0 Kudos
Arturxr
Explorer

When trying to install a policy with rules 15 and 16 enabled and rule 9 disabled, it fails.

0 Kudos
Arturxr
Explorer

After we set the portal address in rule 16 instead of the gateway object in Destination, our traffic began to be blocked by the implied rules.

0 Kudos
the_rock
Legend

Can you send screenshot of how currently rules are set?

Andy

0 Kudos
Arturxr
Explorer

The Mobile Access portal uses port 443; Gaia uses 4434.

[attachment: ruleeees.PNG]

[attachment: log.PNG]

0 Kudos
Arturxr
Explorer

We moved the Mobile Access rule above the stealth rule, but now we have a problem with third-party users: when they receive an address from our pool, they lose their local network.
All traffic begins to be wrapped into the tunnel. Can you tell me where to set this up?

0 Kudos
G_W_Albrecht
Legend

Why not contact TAC to get this resolved once and for all ?

CCSE CCTE CCSM SMB Specialist
the_rock
Legend

I agree 100% with @G_W_Albrecht . Just work with TAC and have this resolved.

0 Kudos