Problem

The SASE client on Windows repeatedly disconnects within one minute, reconnects, and then disconnects again. This cycle continues indefinitely.


Cause

This behavior is caused by the way Windows detects captive portals when connecting to the internet.

  • Windows uses www.msftconnecttest.com to verify internet connectivity.

  • If Windows cannot reach this domain, it assumes there is network issue and resets the network connection.

  • This leads to the SASE client repeatedly disconnecting and reconnecting.


Addition information on windows behavior - https://www.comparitech.com/net-admin/fix-msftconnecttest-redirect-error/


Solution

If your security policies block www.msftconnecttest.com, Windows connectivity checks will fail and trigger this issue.

To resolve the problem:

  • Add an explicit security access policy to allow traffic matching the URL pattern:

    .*msftconnecttest.com.*

Once access is permitted, Windows will correctly validate connectivity, and the SASE client will maintain a stable connection.


How to Configure the URL Pattern and Attach It to a Security Policy

Configure user defined URL category for URL pattern .*msftconnecttest.com.* :

Go to Configure > Security Service Edge > User-Defined Objects > URL Categories



Match above User defined URL category at internet protection policy and set policy action Allow:

Go to Configure > Security Service Edge > Real-Time Protection > Internet Protection