I am still a little sad that the Private DNS feature is still in public preview.
It's a key part of the private access solution, and our test concludes that it is very unstable.
The NRPT table is not updated in order for the Private DNS part to work (without a tunnel service restart).
In our POC we need to restart the tunneling service (GSAclient) after validating MFA in order to connect and do single label name lookup (a service restart requires local admin permission, which our users do not have).
Also, the GSA client is not good at detecting that an MFA validation has succeeded.
It takes 2-3 minutes (best case) from the user signing in and afterwards validating MFA until the GSA client connects to SSE.
This is sadly a bad user experience in comparison with other VPN clients.
I also experience occasional dropouts, when the client keeps saying (you need to sign in).
We are on the verge of changing our Cisco VPN solution. And I think these are just some "child sickness" issues with the GSA client, but before this gets sorted out, it is not mature enough for an enterprise environment.
(West EU customer)
GSA version 2.1.149