TSA and SSO
TSA agent is authenticated by SSO, if you login with RDP, open a browser and access Internet everything is working. The user is authenticated by SSO.
Problems occur when you try to use another protocol, like ping of ftp not necessarily to WAN but also on DMZ.
While Internet Access is working if you start a continuous ping to 220.127.116.11 the first packet is dropped by "Enforced firewall rule" then the other packets are received and at the 11th packet ping starts to work.
Same behavior if you try to ping 18.104.22.168
This delay is caused by SSO trying to authenticate the session because if you exclude the ICMP with a "full sso bypass" there is no delay at all.
Looks like the SSO is working only for HTTPS and "per sessions" for other protocols.
The only way to avoid this problem is to bypass SSO for other protocols.
Of course the option "Don't block user traffic while waiting for SSO including for All access rules" is enabled.
Is this the excepted behavior?