TCP connections on the Edge SWG (formerly the ProxySG) appliance stalls and almost no data is transmitted.

• SGOS 7.2.1.1 and later
• TCP on the Edge SWG appliance is using the New-Reno algorithm for congestion control (the default configuration)
• A network environment that is prone to congestion, packet loss, and long-running connections

The cause is a known issue with using the New-Reno algorithm in environments that experience congestion and packet loss. Congestion or packet loss can cause the Edge SWG appliance to stall. When the appliance stalls, it sends 1 byte of application data every 5 seconds. For long-running connections, the appliance takes a long time to send all the packets at a rate of 1 byte per 5 seconds.

Upgrade to a version of SGOS that has a fix for this issue. The first releases to have the fix is 7.3.14.5 and 7.3.19.1 and later. See the SGOS 7.3.x Release Notes for a list of patch releases that contain the fix.

Workaround

If you cannot upgrade, make one of the following configuration changes:

Disable the New-Reno improvements with the following CLI command:

#(config) tcp-ip tcp-cc-newreno-improvements disable

OR

Change the congestion control algorithm to cubic with the following CLI command:

#(config)tcp-ip congestion-algorithm cubic

The congestion control algorithm that you configure impacts the throughput of TCP connections.

Before configuring a different congestion control algorithm research the algorithm to determine whether it works for your environment. 

Note: If you change the congestion control algorithm, you may notice a reduction in throughput for TCP connections.