When browsing the Internet you see the error:

• Network Error (tcp_error)
• The request could not be handled

In a packet capture, you see a 503 error returned by the proxy to the client.

There are several reasons why you may see the "Network Error (tcp_error)" message:

• The destination web server has port 80 and/or 443 closed.
• For a new implementation or topology change, the IP gateway may be misconfigured.
• There may be a Layer 2 or Layer 3 loop on the network
• Asymmetric routing or something upstream is not passing the proxy's traffic to the Internet

If the problem occurs with a specific URL or destination, it may be due to one of the following:

• 3-way TCP handshake fails between the Proxy and the Origin Content Server (OCS).
• A reset (RST) packet coming from upstream towards the proxy on a specific tcp session.
• Something upstream is not passing the proxy's traffic out to the Internet.
• Layer 2 or Layer 3 loop on the network for a specific URL/destination.
• In certain scenarios, some sites may not be accessible to the public from all source IP addresses, In such situations whitelisting the source IP on the OCS side is required for access.

When this problem occurs, obtain a packet capture; it is very important to see what is happening on the wire.

To take a packet capture from the proxy, go the Admin Console UI: Administration > Service Information > Packet Capture or to https://<IP.address.of.Edge_SWG>:8082/PCAP/statistics