ProxySG appliance is getting RST from a client as soon as the TCP session is established


Article ID: 166817


ProxySG Software - SGOS


Users are denied access to a specific URL, but access logging and policy tracing don't show a deny. A packet capture taken on the ProxySG appliance shows that it's receiving a reset (RST) packet from the client machine.


This issue can occur if a network device (such as an intrusion prevention system (IPS) or stateful firewall) is positioned between your network and the ProxySG appliance, and that device terminates the connection.

To troubleshoot this issue, capture packets on both the client and ProxySG appliance at the same time, and then compare the transactions.
If the IPS or Firewall terminates the connection, the transactions appear as follows: 

  client         IPS          ProxySG         OCS
     ---- SYN ----------------->
     <--- SYN/ACK --------------
     ---- ACK ----------------->
     --- HTTP GET -x
                   |--- RST --->
     <--- 400 -----|
     <--- FIN -----|
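
The comparison described above can be scripted once both captures are exported as per-packet summaries. The following is an added example, not part of the original article or of any vendor tooling; the addresses, ports and sequence numbers are constructed, and it assumes no NAT between the two capture points, so the same packet carries identical fields in both captures.

```python
from collections import namedtuple

# One TCP segment as recorded in a capture (fields exported from the pcap).
Pkt = namedtuple("Pkt", "src sport dst dport flags seq")

CLIENT, PROXY = "10.0.0.5", "10.0.1.10"   # constructed addresses

def c2p(flags, seq): return Pkt(CLIENT, 51000, PROXY, 8080, flags, seq)
def p2c(flags, seq): return Pkt(PROXY, 8080, CLIENT, 51000, flags, seq)

# Constructed sample matching the diagram: what each side recorded.
client_cap = [c2p("SYN", 1000), p2c("SYN,ACK", 5000), c2p("ACK", 1001),
              c2p("PSH,ACK", 1001),            # HTTP GET
              p2c("PSH,ACK", 5001),            # 400 response
              p2c("FIN,ACK", 5130)]
proxy_cap = [c2p("SYN", 1000), p2c("SYN,ACK", 5000), c2p("ACK", 1001),
             c2p("RST", 1001)]

def one_sided(sender_ip, sender_cap, receiver_cap):
    """Compare one direction of the flow between the two capture points."""
    sent = {p for p in sender_cap if p.src == sender_ip}
    seen = {p for p in receiver_cap if p.src == sender_ip}
    return {"lost_in_path": sorted(sent - seen),      # sent, never arrived
            "injected_in_path": sorted(seen - sent)}  # arrived, never sent

def diagnose(client_cap, proxy_cap):
    """Report per-direction differences and whether the RST was injected."""
    from_client = one_sided(CLIENT, client_cap, proxy_cap)
    from_proxy = one_sided(PROXY, proxy_cap, client_cap)
    rst_injected = any("RST" in p.flags
                       for p in from_client["injected_in_path"])
    return {"from_client": from_client, "from_proxy": from_proxy,
            "inline_device_reset": rst_injected}

if __name__ == "__main__":
    result = diagnose(client_cap, proxy_cap)
    for direction in ("from_client", "from_proxy"):
        for kind, pkts in result[direction].items():
            for p in pkts:
                print(direction, kind, p.flags, "seq", p.seq)
    print("RST originated between the capture points:",
          result["inline_device_reset"])
```

A RST listed under `injected_in_path` for the client direction, together with a GET under `lost_in_path`, matches the pattern in the diagram: the client never sent the reset, so a device in the path generated it.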