KB40791 - Windows Store is not reachable through a VPN tunnel from a domain-joined machine when Windows firewall is enabled for Domain profile

This article describes an issue where the Windows Store is not reachable through a VPN tunnel from a domain-joined machine when Windows firewall is enabled for Domain profile.

When a VPN tunnel is created with Network Connect or Pulse Secure Desktop client, end user may notice the Windows Store is no longer reachable.  Once the tunnel is disconnected, the Windows Store is reachable again.

This issue is applicable when all conditions are met:

1. Domain-joined machine
2. Windows firewall is enabled with "Domain" network profile applied
3. End user is using Pulse Secure Desktop client or Network Connect to reach the Windows Store

This issue occurs due to the firewall network profile for "Domain" is blocking outbound traffic for Windows Store apps.

To resolve this issue, perform the following steps:

1. Open the Group Policy Management snap-in (gpmc.msc) and edit the Default Domain Policy.
2. From the Group Policy Management Editor, expand Computer Configuration > Policies > Administrative Templates > Network
3.  Click Network Isolation
4. In the right pane, double-click Private network ranges for apps
5. In the Private network ranges for apps dialog box, click Enabled
6. In the Private subnets text box, enter the IP address range assigned by the Pulse Connect Secure device.
7. Double-click Subnet definitions are authoritative
8. Click Enabled
9. Perform a group policy update on the server and the client to reflect changes.

The above steps is allowing only the private network range (IP address range assigned by the PCS device) for network isolation. All other IP ranges that would come through AD sites is not considered as private for network isolation. 

Please note this change is only specific to network isolation. Once the change is applied, a new firewall rule will be created and would override the previous firewall rule. For more information about network isolation with Windows Store apps, please refer to the following MS documentation.