I've got an SRX1500 and SRX320 in an SDWAN POC
The 1500 is configured for local breakout and has a breakout policy configured for the internet tag. The 320 connects to it fine as a spoke, and there is a permit firewall policy between a created Department which both SRXs' test directly connected LAN segments are connected to.
Clients on the 320 can successfully break out to the internet via the 1500. However, local clients on the 1500 can't - the directly connected subnet's gateway (the 1500) advises there is no route to host.
Also, clients on either subnet cannot ping each other despite being part of the same Department. Has anyone come across this before? I'm relatively new to Juniper and brand new to SDWAN, so I'm not too sure where to start. I've tried some tracerouting / pinging via the various VRFs that have been created, but I'm not too sure which one is the one I need to test!
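An added set of Junos operational checks for narrowing down which routing instance the directly connected LAN actually sits in and whether that instance holds a route to the other LAN and a default route; this is illustrative and not part of the original post. The interface name `ge-0/0/1.0`, the addresses (RFC 5737 documentation ranges) and the instance name `<LAN-VRF>` are placeholders to be replaced with the values from the real deployment; lines starting with `##` are explanatory notes, not CLI input.

```junos
## 1. Identify which routing instance owns the directly connected LAN interface
##    (a "no route to host" from the gateway usually means the lookup is happening
##    in an instance that does not carry the destination).
show interfaces ge-0/0/1.0 terse
show route instance summary

## 2. From that instance, look up the remote spoke LAN prefix (placeholder prefix)
##    and the default route that local breakout would need.
show route 192.0.2.0/24 table <LAN-VRF>.inet.0
show route 0.0.0.0/0 table <LAN-VRF>.inet.0

## 3. Source the test traffic from the same instance instead of the global inet.0,
##    otherwise the result says nothing about the path the LAN clients use.
ping 192.0.2.10 routing-instance <LAN-VRF> count 3

## 4. Confirm whether sessions are created at all and which security policy they
##    match; a missing session points at routing, a dropped one at policy.
show security flow session destination-prefix 192.0.2.10
show security policies hit-count
```

If the LAN interface turns out to be in one instance while the overlay and breakout routes live in another, the missing piece is the route leaking between those instances rather than the security policy, which is the usual split between "no route to host" (routing) and a silent drop (policy).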