ProxySG appliance is getting RST from a client as soon as the TCP session is established

Article ID: 166817

Products

ProxySG Software - SGOS

Issue/Introduction

Users are denied access to a specific URL, but access logging and policy tracing don't show a deny. A packet capture taken on the ProxySG appliance shows that it's receiving a reset (RST) packet from the client machine.

Resolution

This issue can occur if a network device (such as an Intrusion Protection System or Stateful Firewall) positioned between your network and the ProxySG appliance terminates the connection.

To troubleshoot this issue, capture packets on both the client and ProxySG appliance at the same time, and then compare the transactions.
If the IPS or Firewall terminates the connection, the transactions appear as follows: 

  client         IPS          ProxySG         OCS
     ---- SYN ----------------->
     <--- SYN/ACK --------------
     ---- ACK ----------------->
     --- HTTP GET -x
                   |--- RST --->
     <--- 400 -----|
     <--- FIN -----|
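
The comparison of the two captures can be scripted. The following is an added example, not Broadcom or ProxySG code: it assumes both captures have already been exported to simple per-segment records (the `Pkt` layout, the addresses and the sequence numbers are constructed for illustration) and that sequence numbers are not rewritten in transit.

```python
from collections import namedtuple

# One decoded TCP segment exported from a capture (field layout is an assumption).
Pkt = namedtuple("Pkt", "src sport dst dport flags seq")

def flow(p):
    """Direction-independent identifier for a TCP connection."""
    return frozenset([(p.src, p.sport), (p.dst, p.dport)])

def diagnose(client_cap, proxy_cap, client_ip, proxy_ip):
    """Return {client_port: verdict} for every flow where the proxy saw a client RST."""
    verdicts = {}
    for rst in (p for p in proxy_cap if p.src == client_ip and "R" in p.flags):
        f = flow(rst)
        on_client = [p for p in client_cap if flow(p) == f]
        # Did the client's own capture record it sending a reset on this flow?
        client_reset = any(p.src == client_ip and "R" in p.flags for p in on_client)
        # Segments the client received "from the proxy" that the proxy never sent.
        proxy_sent = {(p.seq, p.flags) for p in proxy_cap if flow(p) == f and p.src == proxy_ip}
        unsent = [p for p in on_client if p.src == proxy_ip and (p.seq, p.flags) not in proxy_sent]
        if client_reset:
            verdicts[rst.sport] = "client reset"
        elif unsent:
            verdicts[rst.sport] = "in-path device terminated"
        else:
            verdicts[rst.sport] = "reset not sent by client"
    return verdicts

# Constructed sample data (documentation addresses), mirroring the diagram above.
C, P = "192.0.2.10", "198.51.100.5"

def handshake(port):
    return [Pkt(C, port, P, 8080, "S", 1000), Pkt(P, 8080, C, port, "SA", 5000),
            Pkt(C, port, P, 8080, "A", 1001)]

CLIENT_CAP = handshake(51000) + [
    Pkt(C, 51000, P, 8080, "PA", 1001),   # HTTP GET leaves the client
    Pkt(P, 8080, C, 51000, "PA", 5001),   # 400 response the proxy never sent
    Pkt(P, 8080, C, 51000, "FA", 5200),   # FIN the proxy never sent
] + handshake(51001) + [Pkt(C, 51001, P, 8080, "R", 1001)]   # genuine client reset

PROXY_CAP = (handshake(51000) + [Pkt(C, 51000, P, 8080, "R", 1001)]
             + handshake(51001) + [Pkt(C, 51001, P, 8080, "R", 1001)])

if __name__ == "__main__":
    for port, verdict in diagnose(CLIENT_CAP, PROXY_CAP, C, P).items():
        print(port, verdict)
```

A verdict of "in-path device terminated" corresponds to the pattern in the diagram: the RST reaches the appliance, but the client capture shows no RST leaving the client and shows a 400 and FIN that the appliance never sent.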