502 when accessing internal website via Zero Trust

When accessing an internal website using Zero Trust client we are getting a 502 from Access.

We have an internal CA on the ingress for the internal.site, and have ask full enabled on the domain.

Any ideas?