2FA Remote Access VPN (Flex 200H V1.32(ABWV.0) )

Hi!

My client has a Flex 200H V1.32(ABWV.0) firewall and we - the network administrators - are using/enabling IPSec VPN for the networks users to access the network remotely.
(Also using SSL VPN with OpenVPN.)
From the beginnings we used "native clients built into Windows" in win10/11 for "home office" users.
They are downloadable (from the firewall GUI) configurations for windows and macOS. It needs user name and password after the VPN is installed as the 1st authentication.
Without the 2nd authentication nor internet, nor the client's intranet worked for anyone who did the 1st authentication, except for an intranet site (firewall LAN address plus port number: 192.168.X.X:XXXX) was available for the 2nd authentication.
After the 2nd authentication both internet and full intranet became available.

But since yesterday (2025.06.02.) the 1st authentication enables both the internet and the intranet without the 2nd authentication.
How is this possible?