Users cannot access some external websites when ADN is enabled. Even though this feature is used between devices siting across a WAN link, packets sent to external websites can also be affected.

The issue is due to the use of "Options" field in the TCP header. Refer to the following example of an ADN enabled packet capture:
 

The size of the "Options" section is showing a high value of 36 bytes. This is due to the addition of ADN information by using this field. A normal TCP packet will have a size up to 20 bytes for "Options".

This issue doesn't happen for all websites; very few are known to have this issue. The root cause can be due to server incompatibility or a security device blocking modified TCP packets in case of a potential security threat.

Configure the ProxySG appliance to bypass the ADN for such websites so that this extra information is not added. Install the following policy:

<forward>
server_url.domain=<website domain> adn.server(no)

Some affected sites at the time of writing this article:

https://login.poems.com.sg
https://support.property.saiglobal.com