The purpose of this article is to look at the most common reason why the proxy might reject (reset a connection) right after receiving an SYN packet from client machines that have the proxy configured in their browsers.
When this occurs, in a packet capture we can see the proxy sends a packet with the RST and ACK flags on (RST-ACK).
In Explicit environments, as the destination IP of all TCP connections will be the proxy’s IP, the proxy must be listening in the port that was specified in the browser settings. Otherwise, the proxy will reset the connection. This can be changed in Configuration > Services > Proxy Services > Explicit HTTP.
If the Service is set to “Bypass”, it will block all incoming connections, acting as a closed port in a firewall.
Changing the service to “Intercept” will open the port so explicit connections can be interpreted by the proxy.
Subscribing will provide email updates when this Article is updated. Login is required.