I've set up a new UAG. I have set several of these up over the years, but always with one nic. This is my first one with two nics, though I'm not sure that that is related to the issue I'm running into. I have this set up for access from the WAN and it should tunnel the connection.

The strange thing is that if I use the horizon client it works perfectly. I authenticate with saml and it passes me back to the connection server and I'm able to connect to desktops and apps.

What doesn't work is the html access. I am able to pull up the html portal and then authenticate with saml, which is successful, but then the connection gets redirected to the internal fqdn of the connection server, which of course fails to connect because it's an internal server on a domain that isn't publicly resolveable.

Anything related to redirects is disabled on the uag and the connection server. I can't figure out why it's trying to redirect to that internal address. And more confusing, I can't figure out why it doesn't happen with the software client. Anyone have any ideas?