Error: "Network error (tcp_error)" when browsing the Internet; 503 error returned to the client
search cancel

Error: "Network error (tcp_error)" when browsing the Internet; 503 error returned to the client

book

Article ID: 167696

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

When browsing the Internet you see the error:

  • Network Error (tcp_error)
  • The request could not be handled

In a packet capture, you see a 503 error returned by the proxy to the client.

Cause

There are several reasons why you may see the "Network Error (tcp_error)" message:

  • The destination web server has port 80 and/or 443 closed.
  • For a new implementation or topology change, the IP gateway may be misconfigured.
  • There may be a Layer 2 or Layer 3 loop on the network
  • Asymmetric routing or something upstream is not passing the proxy's traffic to the Internet

Resolution

If the problem occurs with a specific URL or destination, it may be due to one of the following:

  • 3-way TCP handshake fails between the Proxy and the Origin Content Server (OCS).
  • A reset (RST) packet coming from upstream towards the proxy on a specific tcp session.
  • Something upstream is not passing the proxy's traffic out to the Internet.
  • Layer 2 or Layer 3 loop on the network for a specific URL/destination.
  • In certain scenarios, some sites may not be accessible to the public from all source IP addresses, In such situations whitelisting the source IP on the OCS side is required for access.

When this problem occurs, obtain a packet capture; it is very important to see what is happening on the wire. To take a packet capture from the proxy, go to https://<IP.address.of.ProxySG>:8082/PCAP/statistics.

Download Wireshark to view a packet capture taken from ProxySG.