We can encounter an issue in the SASE client where it’s unable to fetch the private ip information on the android client during authentication with the gateway causing the connection to fail. Issue is seen on the latest 7.5.2 VSA client too. A hot-fix will be made for the same.
The workaround is to see a high cookie expiration timer, say 12 hours and a lower portal time-out say 4 hours.
Refer to the documentation below to understand the configuration being described
https://docs.versa-networks.com/SASE/Versa_Secure_Access/Use_the_Versa_SASE_Client_Application
In your authentication profile (which is called under “portal” and “gateway”) set the “Caching mode” to “cookie base” and set the “Cache expiration” to 720 - please refer to the below section in the documentation
Under the portal’s “gateway” profile, set the portal life time to 240
Reasoning for the above changes is below
The reason for increasing the cookie expiration value is that when the cookie is valid we will not get into the flow that is leading to this problem, if we reduce the portal life time the client goes for auto config sync which authenticates the user and sets cookie, the same cookie gets used when it connects to the gate post auto config sync. So we will not get into that problematic flow.
Sub-note:
During the problem condition you observe the below diagnostic log on the sase client, you can see that the url request lack the “ip-address” (private ip) information