This can be a detailed issue, so I agree a case is probably best. There are other things you can try yourself. This error is typically from a network reachability issue. I suggest checking the reachability of private apps on your network. Browser-based Access uses Carrier-grade NAT (CGNAT) space 100.64.0.0/10 as a source IP, and the route for that network should be visible in the MX routing table as shown below. How is your private app connected to the Secure Connect fabric? MX tunnel? IPSec? If you are using an MX, you can perform a packet capture on the MX to see that the CGNAT traffic is making it to the MX. You could also do a packet capture on the private app, looking for that CGNAT space.