IKEv2 clients can no longer access sites on the trusted/optional networks M200 12.5.11
I suspect this occurred during the 12.5.11 update, but I am unsure. Previously, the Firebox was on version 12.5.9.
As of a somewhat indeterminate time, users connecting via IKEv2 Mobile VPN can no longer access HTTP or HTTPS content on the internal network. Prior to updating to 12.5.11, they could (that's how I did the update).
They can ping any device they should be able to (at least the half dozen or so I've checked).
With logging enabled for the "Allow IKEv2 Users" policy, the traffic monitor shows that requests are being passed along fine.
Possibly of note - IKEv2 Users (group) and the users in said group (ike2c1 - ike2cn) do not show up in the WebUI policy manager (and so cannot be added to other policies) but do show up in the WSM Policy Manager. They are also present in Authentication > Servers > FireboxDB, but not Authentication > Users and Groups. Unsure if that's expected behaviour.