Users cannot access some external websites when ADN is enabled. Even though this feature is used between devices siting across a WAN link, packets sent to external websites can also be affected.
The issue is due to the use of "Options" field in the TCP header. Refer to the following example of an ADN enabled packet capture:
Configure the ProxySG appliance to bypass the ADN for such websites so that this extra information is not added. Install the following policy:
server_url.domain=<website domain> adn.server(no)
Some affected sites at the time of writing this article: