Regarding your query on HotSpot and WPA2 SSID, I would first suggest:
a. Deauthorize the client from vSZ (if already connected in past) b. Forget the SSID from the client device if trying to test within the session/grace period of the previous authentication.
2. For the HotSpot, profile, you can edit the profile and reduce the grace period to 1 min and then try to test. You have to wait for 1 min before you attempt to re-connect to HotSpot SSID to get redirected.
3. For WPA2 SSID, the controller remembers the previous authentication for a certain amount of period and hence the issue. Once you make the changes on the SSID, we always suggest forgetting the SSID on the client device before you connect to the SSID again.