- Users experience intermittent slowness when accessing websites.
- The packet capture shows multiple TCP retransmissions from the ProxySG/ASG, with no response from upstream until the proxy server switches to another source TCP port.
The main cause is that the upstream firewall does not tolerate the proxy server's persistent connections and silently drops their packets.
- To accommodate the firewall's behavior, adjust the persistent timeout according to the threshold at which the firewall starts dropping packets.
- To adjust the persistent timeout, connect via serial console, telnet, or SSH and use the following CLI commands:
Enter configuration commands, one per line. End with CTRL-Z.
ProxySG#(config)http persistent-timeout server <seconds>
ProxySG#(config)http persistent-timeout client <seconds>
The default persistent connection timeouts are:
Server: 900 seconds
Client: 360 seconds
The recommended persistent timeout value to overcome the problem above is 120 seconds. However, the right value still depends on the firewall's behavior.
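
One way to find the threshold mentioned above is to measure, in the packet capture, how long each persistent connection sat idle before the proxy's next request was either answered or retransmitted without a reply. The following Python is an added example, not part of the original article or any vendor tooling; the function name, the record layout and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not from a real capture), as they might be
# exported from a capture: (time_s, proxy_source_port, direction, tcp_seq).
# "out" = proxy -> upstream, "in" = upstream -> proxy.
SAMPLE = [
    (0.0, 40001, "out", 1), (0.05, 40001, "in", 1),
    (60.0, 40001, "out", 101), (60.05, 40001, "in", 101),
    (200.0, 40001, "out", 201), (200.3, 40001, "out", 201),
    (200.9, 40001, "out", 201), (202.1, 40001, "out", 201),
    (202.5, 40002, "out", 1), (202.55, 40002, "in", 1),   # new source port works
    (10.0, 40003, "out", 1), (10.05, 40003, "in", 1),
    (110.0, 40003, "out", 50), (110.04, 40003, "in", 50),
    (420.0, 40003, "out", 90), (420.3, 40003, "out", 90), (421.0, 40003, "out", 90),
]

def idle_gap_bounds(packets, min_retrans=2):
    """Return (longest idle gap that was still answered,
               shortest idle gap followed by unanswered retransmissions)."""
    flows = defaultdict(list)
    for t, port, direction, seq in sorted(packets):
        flows[port].append((t, direction, seq))
    ok, stalled = [], []
    for pkts in flows.values():
        seen = set()
        for i, (t, direction, seq) in enumerate(pkts):
            if direction != "out" or seq in seen:
                continue              # inbound packet or a retransmission
            seen.add(seq)
            if i == 0:
                continue              # first segment: no idle period before it
            idle = round(t - pkts[i - 1][0], 2)
            retrans, answered = 0, False
            for _, d2, s2 in pkts[i + 1:]:
                if d2 == "in":
                    answered = True
                    break
                if s2 == seq:
                    retrans += 1
            if answered and retrans == 0:
                ok.append(idle)
            elif not answered and retrans >= min_retrans:
                stalled.append(idle)
    return max(ok, default=None), min(stalled, default=None)

if __name__ == "__main__":
    print(idle_gap_bounds(SAMPLE))
```

For the constructed sample the firewall's idle threshold lies between the two returned values, so the server persistent timeout should be set below the first one.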