Traffic initiated from an internal host towards an SSL VPN client is dropped with the "Unauthorized SSL VPN traffic" log
"Unauthorized SSL VPN traffic" is an implied "cleanup" rule of the Mobile Access (MAB) policy. If traffic is to or from an SSL VPN client but does not match any rule in the MAB policy, it is dropped on this rule.
In the specific scenario described, the rule is not matched because a "Server to Client" application rule is limited to hosts behind the MAB gateway, but the host is in a remote encryption domain.
Important Note: Make sure that the specific scenario applies. In most cases, the "Unauthorized SSL VPN traffic" log is due to misconfiguration (no relevant rule for the traffic in the MAB policy).
Therefore, before requesting a hotfix, please make sure that the following applies:
1. A Native Application is created with the relevant Host/Destination IP address as the Authorized Location.
2. It is used in an appropriate rule in the Mobile Access Policy for the relevant users. Make sure the users match the user groups in the rule.
3. If a protection level is used, make sure users are able to pass its check.
4. Check that the user is allowed to access the resource in its Allowed Location properties. (User Properties -> Location)
5. The resource must be part of the Gateway's encryption domain/topology in order for traffic to work.