Upstream Firewall dropping connections from the Edge SWG (ProxySG) or ASG appliance

Article ID: 167093

Products

Advanced Secure Gateway Software - ASG
ProxySG Software - SGOS

Issue/Introduction

An Edge SWG (ProxySG) or ASG is deployed with a firewall configured to intercept outbound traffic from the proxy. End users experience intermittent slowness when accessing websites.

Packet captures show multiple TCP retransmissions from the Edge SWG or ASG, with no response from the server side until the proxy uses another TCP source port.

Cause

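The most likely cause is that the connection persistence timeout on the firewall is shorter than the persistent connection setting on the Edge SWG. When the Edge SWG reuses a persistent connection that the firewall has already timed out, the firewall silently drops the packets from the Edge SWG.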

Resolution

To address this issue, adjust the Edge SWG persistence timeout to align with the firewall connection persistence setting.

To adjust the persistence timeout, connect to the CLI over the serial console, Telnet, or SSH, then enter configuration mode:

ProxySG>
ProxySG>enable
Enable Password:
ProxySG#conf t
Enter configuration commands, one per line.  End with CTRL-Z.

Modify the values:

ProxySG#(config)http persistent-timeout server <seconds>
ProxySG#(config)http persistent-timeout client <seconds>

Default persistent connection timeouts:

  Server:  900 seconds
  Client:  360 seconds
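
Before changing the values, the server-side packet capture can be used to estimate the firewall's timeout. The script below is an added example, not Broadcom code: it brackets the firewall idle timeout from per-packet records and compares it with the 900-second server default. The record layout, the sample data, and the function names are constructed for illustration.

```python
from collections import defaultdict

SGOS_DEFAULT_SERVER_TIMEOUT = 900  # seconds, default quoted in this article

# Constructed sample of server-side capture records (layout is an assumption):
# (time in seconds, proxy source port, "out" = proxy->server / "in" = reply, is_retransmission)
SAMPLE = [
    (0.0, 40001, "out", False), (0.5, 40001, "in", False),
    (300.5, 40001, "out", False), (301.0, 40001, "in", False),    # reused after 300 s idle, answered
    (1000.0, 40001, "out", False), (1000.5, 40001, "out", True),  # reused after 699 s idle, no reply
    (1001.5, 40001, "out", True), (1003.5, 40001, "out", True),
    (1004.0, 40002, "out", False), (1004.5, 40002, "in", False),  # new source port works at once
    (10.0, 40003, "out", False), (10.5, 40003, "in", False),
    (650.0, 40003, "out", False), (650.5, 40003, "out", True),    # reused after 639.5 s idle, no reply
    (651.5, 40003, "out", True),
    (652.0, 40004, "out", False), (652.5, 40004, "in", False),
]

def bracket_idle_timeout(records, min_retx=2):
    """Return (longest idle gap still answered, shortest idle gap black-holed, stalled ports)."""
    flows = defaultdict(list)
    for rec in sorted(records):
        flows[rec[1]].append(rec)
    answered, blackholed, stalled = 0.0, None, []
    for port, pkts in flows.items():
        for i in range(1, len(pkts)):
            ts, _, direction, retx = pkts[i]
            if direction != "out" or retx:
                continue                       # only first transmissions from the proxy
            gap = ts - pkts[i - 1][0]          # idle time on this connection before the send
            tail, n = pkts[i + 1:], 0
            while n < len(tail) and tail[n][2] == "out" and tail[n][3]:
                n += 1                         # count retransmissions that follow
            if n < len(tail) and tail[n][2] == "in":
                answered = max(answered, gap)  # state was still alive after this gap
            elif n == len(tail) and n >= min_retx:
                blackholed = gap if blackholed is None else min(blackholed, gap)
                stalled.append(port)           # connection never answered again
    return answered, blackholed, sorted(stalled)

def proxy_outlives_firewall(blackholed, proxy_timeout=SGOS_DEFAULT_SERVER_TIMEOUT):
    """True when the proxy keeps idle server connections longer than the firewall allowed."""
    return blackholed is not None and proxy_timeout > blackholed

if __name__ == "__main__":
    low, high, ports = bracket_idle_timeout(SAMPLE)
    print(f"firewall idle timeout is between {low} s and {high} s; stalled ports: {ports}")
    print("server persistent-timeout too long:", proxy_outlives_firewall(high))
```

The bracket is only an estimate from observed traffic; the firewall's configured connection timeout remains the authoritative value to align with.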