Error: "Network error (tcp_error)" when browsing the Internet; 503 error returned to the client


Article ID: 167696


Updated On:


Web Security Service - WSS Advanced Secure Gateway Software - ASG ProxySG Software - SGOS


When browsing the Internet you see the error:

  • Network Error (tcp_error)
  • The request could not be handled

In a packet capture, you see a 503 error returned by the proxy to the client.


There are several reasons why you may see the "Network Error (tcp_error)" message:

  • The destination web server has port 80 and/or 443 closed.
  • For a new implementation or topology change, the IP gateway may be misconfigured.
  • There may be a Layer 2 or Layer 3 loop on the network
  • Asymmetric routing or something upstream is not passing the proxy's traffic to the Internet


If the problem occurs with a specific URL or destination, it may be due to one of the following:

  • 3-way TCP handshake fails between the Proxy and the Origin Content Server (OCS).
  • A reset (RST) packet coming from upstream towards the proxy on a specific tcp session.
  • Something upstream is not passing the proxy's traffic out to the Internet.
  • Layer 2 or Layer 3 loop on the network for a specific URL/destination.

When this problem occurs, obtain a packet capture; it is very important to see what is happening on the wire. To take a packet capture from the proxy, go to https://<IP.address.of.ProxySG>:8082/PCAP/statistics.

Download Wireshark to view a packet capture taken from ProxySG.