Making ConnectionsUsers behind the socket cannot access IPSec Tunnels
Users working remotely (home network) are able to successfully access Azure Virtual Desktop (AVD). However, when users are connected via the Site Socket, access to AVD fails.
As part of our troubleshooting, we manually configured the client-side DNS settings on a test laptop. With this configuration, DNS resolution functioned as expected, and we were able to successfully establish connectivity to AVD. This behavior suggests that the issue is related to DNS resolution within the Cato environment—specifically, DNS forwarding to the client-defined DNS servers does not appear to be functioning as expected.
Given this, we would like to inquire if there is a mechanism to prioritize client DNS settings on a per-user or per-group basis within Cato.
For reference, when connected via the Site Socket network, client devices are assigned IP addresses within the subnet range 10.254.xxx.x.
When users are connected via Home Wi-Fi or Mobile Data, they are able to successfully access the client’s Azure Virtual Desktop (AVD). In this scenario, the assigned IP address falls within the subnet range 10.20.xxx.xx.
