Cannot access Web sites on non standard TCP ports through IPSEC tunnel after recent Cloud SWG maintenance

Article ID: 367632

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Users access the internet via Cloud SWG using the IPSEC access method.

Hundreds of Meraki IPSEC tunnels exist, sending all Web traffic into Cloud SWG.

After a recent Cloud SWG maintenance, user connectivity to any Web server listening on a non-standard TCP port would fail; e.g. trying to access https://example.com:10000 would render the standard browser connectivity error.

Web servers listening on TCP 80, 8080, 443 or 8443 would all work.

Environment

IPSEC tunnels.

Cloud SWG.

WEB_PROTECT license.

Cause

The Cloud SWG IPSEC firewall was not sending any requests on non-standard ports up to the Cloud Proxy because Client Firewall Service (CFS) was disabled on the tenant.

Resolution

Enable Cloud Firewall Service, and create a policy that allows Web traffic to all non-standard TCP ports needed.

Additional Information

With a recent (April '24) maintenance, all IPSEC tunnelled inbound requests on non-standard TCP ports are blocked by Cloud SWG unless either:

  • a valid 'VPN_ALL_PORTS' license is active on the tenant (this entitlement is no longer available), or
  • a valid 'WEB_PROTECT' license is active AND Client Firewall Service is enabled on the tenant, allowing the requests upstream.