Users accessing internet sites via Cloud SWG using Proxy forwarding access method without issues.
Dedicated IP address feature enabled for organisation's intranet site.
After making PAC file changes to send 100k users to intranet site via Cloud SWG, many users reported slowness rendering pages or timeout errors.
Proxy forwarding.
Cloud SWG.
Dedicated IP address.
Intranet web site closing connections after idle timeout without any indication to Cloud SWG.
Multiple solutions exist to address the issue on OCS side, although final change was to the on premise proxy:
It was decided to go with the last option of modifying the on-premise idle client timeout and no further issues were seen.
From the PCAPs taken on the dedicated IP address gateways, we can see that everytime the problem happened, the existing socket was re-used after a certain time (243 seconds in this case):
In this case, the request would be retransmitted 10 times before a TCP FIN was issued, which typically took about 3 minutes.
Since the Cloud Proxy did not get a response back to it's request within 180 seconds, the TCP_ERROR was triggered.