OK, cool, let's then discuss real network stuff as this is domain you understand
<im315.kcc client> (172.16.2.x) <--> (172.16.2.100) <router> (172.16.1.x) <--> (172.16.1.1) <Zentyal DEV gw315.kcc> (222.127.106.205) <--> internet linkIs THAT correct?
Assuming answer is yes
and assuming you have enabled transparent proxy, then HTTPS uses only firewall.
when you trace route from your client to internet, you stop at Zentyal server (internal interface) while Zentyal itself is able to connect to internet.
As you are network expert, we can assume there is not issue with network like missing default route or stuff like this
Therefore the only solution is that firewall is preventing packets to exit through Zentyal. Do you agree? If yes, then look at firewall rules again (BTW, look at FW log, it may help).
I would say that:
- FW is
not configured to allow all internal flow to exit to internet (why not, this makes sense)
- you may have only authorized 172.16.1.0/24
Sorry, I can't help more than this