Users in the office network aren't able to use the PAM appliance without connecting to VPN. We engaged the network team to look into this issue as we thought it was related to routing but from network side.

Pinging the appliances from a host in the 172.17.0.0/16 network range does not reply although pinging or accessing from any other network range works fine. Also accessing target devices in the same same range act as if they are firewalled although there is no firewalls at all between them

PAM internal Docker services uses 172.17.0.0 which leads to an issue with IP routing in and out of the PAM appliances and Utility servers. The Docker service was just introduced in Symantec PAM 4.x to enable additional future services including the PAMSC integration and PAM Utility Appliances.

The recommended method is to modify the Docker Network settings as shown here.