When you navigate to a particular web site, the client browser return the error "ERROR The requested URL could not be retrieved". Closer examination of the error page shows "(110) Connection timed out". If you change the settings of the client browser so that it does not use SWG as a SOCKS proxy, the client browser displays a search page instead.

Full error (actual URLs and IP addresses removed):

Behavior by design. The SOCKS proxy component of SWG appliance will return an error page for this sort of timeout, and the other proxy components may not necessarily do so.

1. Within the client browser settings, remove the SOCKS proxy configuration.
2. Start a packet capture from the SWG appliance, restricted by IP address.
3. Clear the cache within the client browser.
4. Clear the Proxy cache within SWG UI. On Administration> Configuration> Proxy, click "Flush All".
5. Reproduce symptom by surfing to target website with the client browser.
6. Examine the packet capture to identify the MAC address of the upstream device for the SWG appliance.
7. When examining the packet captures, note the MAC address of the foreign host with the IP address of URL you seek to navigate.
8. Consult the administrator of the upstream device to determine whether the upstream device relayed the SYN packets from SWG and whether the upstream device received a SYN/ACK reply.

Applies To

- SWG version 5.0.1 or later
- SWG mode: Inline or Inline+Proxy
- Client browser proxy settings point to the ports and addresses where SWG listens for its respective proxy connections