Let me preface this with the fact that I have an open support case under investigation, but putting it out there for others.
My AnyConnect service on my MX stopped working suddenly. After a lot of troubleshooting, it seems that the new implementation of the New MX 3 inbound FW rules blocks the AnyConnect clients' connections.
Symptoms were the AC clients just timing out prior to auth.
No general log entries.
I found that if I looked at the live firewall logs (under appliance status tools), then I saw the connections being denied (by rule 0).
So I added in an L3 inbound rule (Any - Any on the AnyConnect port), which did the trick, although I'm not 100% happy with this, as it opens the devices to all inbound connections to the service port (seems bad).
That said, surely this is something the AnyConnect service should be doing, and NOT a manual firewall entry?
Anyone else seeing this? Comments?