Page doesn't load at all.
Page loads fine outside of corporate network.
This site can't be reached.
The browser displays a page reset error:
Release : 1.15
Component : Proxy
Packet capture showed the initial connection to Web Isolation proxy being successful but then a reset for the ssl client hello.
No log entries were displayed on the Web Isolation manager for this connection which suggested something in between sending the rst. It is not going to be a tcp level issue such as close-wait state since the rst is not at the syn, syn ack, ack stage.
To prove this was not Web Isolation sending the rst we made a connection to the http equivalent url. So if the rst was for https://www.broadcom.com then we did a connection to http://www.broadcom.com.
This would normally result in a redirect from http to https. In this case we could see the Palo Alto firewall blocking the connection based on dynamic dns category rather than the generic browser reset page.
Made change on the firewall to allow this site and the connection via Web Isolation is working again.
Note that www.broadcom.com was not the site in question here. It is just an example to show the redirect from https to http.