AnyConnect SWG will not successfully activate or network reliability while on VPN degrades when SWG is active. This applies to all SSL VPNs using ports 80 and 443.
When adding SWG Bypass domains under Deployments -> Domain Management -> External Domains, add the domain and IP address of your VPN head end servers to the list. Due to the heavy connections on the VPN, the IP entry ensures that this traffic is never intercepted by the SWG agent. Please allow one hour for the new setting to propagate.
In summary, when using a SSL VPN and SWG:
- Add the VPN domain to the External Domains list
- Add the VPN head end IP addresses or IP range to the External Domains list