Cloud SWG data center VIPs are not accepting connections on port 443
OR
IP SLA Tracking not working on port 443 on data center VIP
Cloud SWG access method: IPSec/VPN
IPSec requires TCP ports 500 and 4500 to perform the initial IPSec encryption setup. After that it uses the ESP protocol for communication, which does not use ports the way TCP and UDP do. A direct connection to port 443 on the IPSec data center VIPs is never required for the IPSec tunnel to work, so port 443 is blocked on all data center VIPs dedicated to IPSec connections. Inside the IPSec tunnel, connections to port 443 still work.
Using IP SLA tracking against a data center VIP is not recommended, even though ports 80 and 8080 are available to connect to. Ideally, IP SLA tracking should be done against external websites.