We can encounter an issue in the SASE client where it’s unable to fetch the private ip information on the android client during authentication with the gateway causing the connection to fail. Issue is seen on the latest 7.5.2 VSA client too. A hot-fix will be made for the same.

The workaround is to see a high cookie expiration timer, say 12 hours and a lower portal time-out say 4 hours.

Refer to the documentation below to understand the configuration being described

https://docs.versa-networks.com/SASE/Versa_Secure_Access/Use_the_Versa_SASE_Client_Application

In your authentication profile (which is called under “portal” and “gateway”) set the “Caching mode” to “cookie base” and set the “Cache expiration” to 720  - please refer to the below section in the documentation

Under the portal’s “gateway” profile, set the portal life time to 240 

Reasoning for the above changes is below

The reason for increasing the cookie expiration value is that when the cookie is valid we will not get into the flow that is leading to this problem, if we reduce the portal life time the client goes for auto config sync which authenticates the user and sets cookie, the same cookie gets used when it connects to the gate post auto config  sync. So we will not get into that problematic flow.

Sub-note:

During the problem condition you observe the below diagnostic log on the sase client, you can see that the url request lack the “ip-address” (private ip) information