You can review the connection activity and status on the appliance on the Reports > Networking: Current Connections page.

For a new cluster, the SaaS application classification for the first connection is not recognized (it does not yet match the in-path rule) and the connection is passed through.

The appliance uses the first connection to classify the application, and the application classification will be recognized for the second connection.

Subsequent connections are recognized and redirected to the SaaS service cluster. The initial connection to each service instance will generate an SSL error while the SaaS service cluster obtains the proxy certificate for the traffic to accelerate.

For Client Accelerator, you can review the connection activity and status of endpoints either from the Endpoint Report on the Client Accelerator Controller or from the Status tab of an individual Client Accelerator endpoint.

Client Accelerator begins to accelerate SaaS traffic after receiving the updated policy with the SaaS application in-path rule and SaaS Accelerator is enabled. For Client Accelerator communication with a new cluster, the first connection is intentionally passed through to classify the application and acceleration begins with the second connection. Client Accelerator might encounter SSL errors and pass through traffic until the proxy certificate for the SaaS application is available on the SaaS service cluster.