The enterprise administrator decides which IP address range sits behind the Client-Connector; those IP addresses become reachable through the Client-Connector when the user logs in to the SDWAN-Client application.
However, with MS Windows Defender Firewall turned ON (with the default policy), some of the IP addresses are not reachable.
VMware SD-Access, Velocloud SDWAN-Client
MS Windows Defender Firewall
When an IP range is defined, the Client-Connector sends the range to the users, and the user system's OS installs those ranges in its routing table.
Under Network Resource, the Target IP Range configuration does not carry any subnet information. The enterprise administrator defines only the start and end IP addresses, as described in the product guide.
Upon receiving the IP range, the user machine (client laptop, e.g. Windows) segregates the range to fit under a subnet mask.
If the user system is running with MS Windows Defender Firewall turned ON (with the default policy), then some of the IP addresses may not be reachable.
This happens because the user system's OS tries to fit the defined IP range into all possible subnets.
During this process, some of the IP addresses in those ranges are classified as broadcast IPs and get installed in the host kernel with a metric of 258.
With Microsoft Defender Firewall turned on, when responses come back from these IPs, the host system firewall silently drops them.
Let's compare the route table information for two entries:
10.1.50.1-10.1.50.254 vs 10.1.31.0-10.1.31.255
If the purpose is to define a range of IP addresses, then define a range that fits into a proper subnet.
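The following added example (not part of the original article or the product) lets an administrator check a Target IP Range before configuring it, using the two ranges compared above. It assumes the client splits the range into the minimal set of CIDR blocks and that only blocks of /30 or larger carry a broadcast address; the article does not document the client's exact splitting logic, and the function names are hypothetical.

```python
import ipaddress


def split_range(start, end):
    """Return the minimal list of CIDR blocks that exactly covers start..end.

    Assumption: this approximates how the client OS fits the range into subnets.
    """
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    return list(ipaddress.summarize_address_range(first, last))


def broadcast_candidates(start, end):
    """Addresses in the range that become the broadcast address of a block.

    Assumption: /31 and /32 blocks are host-only and carry no broadcast address.
    """
    return [net.broadcast_address
            for net in split_range(start, end)
            if net.prefixlen <= 30]


def report(start, end):
    """Summarise how a start/end range decomposes into subnets."""
    blocks = split_range(start, end)
    return {
        "range": f"{start}-{end}",
        "blocks": [str(b) for b in blocks],
        "single_subnet": len(blocks) == 1,
        "broadcast_candidates": [str(a) for a in broadcast_candidates(start, end)],
    }


if __name__ == "__main__":
    # The two ranges compared in the article.
    for start, end in [("10.1.50.1", "10.1.50.254"), ("10.1.31.0", "10.1.31.255")]:
        r = report(start, end)
        print(f"{r['range']}: {len(r['blocks'])} block(s), "
              f"single subnet: {r['single_subnet']}")
        for block in r["blocks"]:
            print("   ", block)
        print("    broadcast candidates:", ", ".join(r["broadcast_candidates"]))
```

A range that reports more than one block has host addresses in the middle of the range that land on a block's broadcast address; a range that reports a single block has only the conventional broadcast address of that subnet.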
To troubleshoot the issue, please follow the steps below:
If the issue still persists and you are unable to identify the root cause, please submit a case with Support with all the required details (as mentioned in KB 368552).