Error: "Network error (tcp_error)" when browsing the Internet; 503 error returned to the client

book

Article ID: 167696

calendar_today

Updated On:

Products

Web Security Service - WSS Advanced Secure Gateway Software - ASG Symantec WebFilter (formerly Blue Coat WebFilter - BCWF) Secure Web Gateway Virtual Appliance ProxySG Software - SGOS

Issue/Introduction

When browsing the Internet you see the error:

  • Network Error (tcp_error)
  • Request could not be handled

In a packet capture, you see a 503 error returned by the proxy to the client.

Cause

There are several reasons why you may see the "Network Error (tcp_error)" message:

  • For a new implementation or topology change, the IP gateway may be misconfigured.
  • There may be a Layer 2 or Layer 3 loop on the network
  • Asymmetric routing or something upstream is not passing the proxy's traffic to the Internet

Resolution

If the problem occurs with a specific URL or destination, it may be due to one of the following:

  • 3-way TCP handshake fails between the Proxy and the Origin Content Server (OCS).
  • A reset (RST) packet coming from upstream towards the proxy on a specific tcp session.
  • Something upstream is not passing the proxy's traffic out to the Internet.
  • Layer 2 or Layer 3 loop on the network for a specific URL/destination.

When this problem occurs, obtain a packet capture; it is very important to see what is happening on the wire. To take a packet capture from the proxy, go to https://<IP.address.of.ProxySG>:8082/PCAP/statistics.

Download Wireshark to view a packet capture taken from ProxySG.