XGS Webadmin not loading some pages when connecting over ipsec0

Question

We have a strange issue to one location connected via IPSec Site-2-Site. The XGS is connected to a SG firewall. 
 The Webadmin of the XGS on that remote location is a bit slow but me an a colleague cannot open the Rules and policies page. Other pages work. 
 The webadmin gets stuck and we can only see a spinning circle. 
 Today I sometimes noticed a red banner on the webadmin. Showing fo a second, disappearing, coming again and again. 
 
 TCP Dump shows communication between my PC and the remote XGS but at some point I can see TLS error 21 "Encrypted Alert". 
 I have not found any blocked packets or issues in the advanced logs on remote and local firewall. 
 
 I would say this site is connected absolutely identical like an other remote site with a XGS firewall where we do not have such issues when working on the webadmin of the remote firewall. 
 
 When we connect to the XGS webadmin from outside the IPSec tunnel, all is working fine. e.G. from WAN or LAN zone on that remote firewall. 
 TCP Dump on my computer: 
 554	10.210757	my_computer xgs_firewall	TCP	66	54193 → 4444 [SYN] Seq=0 Win=64954 Len=0 MSS=1460 WS=256 SACK_PERM=1
558	10.220147	xgs_firewall	my_computer TCP	66	4444 → 54193 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
559	10.220344	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=1 Ack=1 Win=262400 Len=0
564	10.224984	my_computer xgs_firewall	TLSv1.2	571	Client Hello
565	10.225630	xgs_firewall	my_computer TCP	60	4444 → 54193 [ACK] Seq=1 Ack=518 Win=65664 Len=0
587	10.257623	xgs_firewall	my_computer TLSv1.2	1514	Server Hello
591	10.257752	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=1461 Ack=518 Win=33536 Len=1460 [TCP segment of a reassembled PDU]
592	10.257774	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=518 Ack=2921 Win=262400 Len=0
593	10.257793	xgs_firewall	my_computer TLSv1.2	414	Certificate, Server Key Exchange, Server Hello Done
594	10.266023	my_computer xgs_firewall	TLSv1.2	180	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
598	10.278020	xgs_firewall	my_computer TLSv1.2	105	Change Cipher Spec, Encrypted Handshake Message
600	10.278602	my_computer xgs_firewall	TLSv1.2	636	Application Data
605	10.328837	xgs_firewall	my_computer TCP	60	4444 → 54193 [ACK] Seq=3332 Ack=1226 Win=34688 Len=0
654	11.436034	xgs_firewall	my_computer TLSv1.2	1514	Application Data
655	11.436180	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=4792 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
656	11.436227	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=1226 Ack=6252 Win=262400 Len=0
657	11.436599	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=6252 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
658	11.436720	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=7712 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
659	11.436757	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=1226 Ack=9172 Win=262400 Len=0
660	11.436786	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=9172 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
666	11.437461	xgs_firewall	my_computer TLSv1.2	1514	Application Data [TCP segment of a reassembled PDU]
667	11.437513	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=1226 Ack=12092 Win=262400 Len=0
668	11.437590	xgs_firewall	my_computer TLSv1.2	1514	Application Data [TCP segment of a reassembled PDU]
671	11.438049	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=13552 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
672	11.438115	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=1226 Ack=15012 Win=262400 Len=0
673	11.438219	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=15012 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
677	11.438634	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=16472 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
678	11.438690	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=1226 Ack=17932 Win=262400 Len=0
685	11.444972	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=17932 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
688	11.445508	xgs_firewall	my_computer TLSv1.2	1514	Application Data, Application Data
690	11.445562	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=1226 Ack=20852 Win=262400 Len=0
694	11.445638	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=20852 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
698	11.446742	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=22312 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
699	11.446794	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=1226 Ack=23772 Win=262400 Len=0
700	11.446899	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=23772 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
701	11.446945	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=25232 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
702	11.446968	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=1226 Ack=26692 Win=262400 Len=0
703	11.447620	xgs_firewall	my_computer TLSv1.2	1514	Application Data [TCP segment of a reassembled PDU]
704	11.447726	xgs_firewall	my_computer TLSv1.2	1514	Application Data [TCP segment of a reassembled PDU]
705	11.447772	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=1226 Ack=29612 Win=262400 Len=0
706	11.447816	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=29612 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
707	11.447850	xgs_firewall	my_computer TCP	1514	4444 → 54193 [PSH, ACK] Seq=31072 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
708	11.447890	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=1226 Ack=32532 Win=262400 Len=0
711	11.447969	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=32532 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
719	11.448465	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=33992 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
720	11.448515	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=1226 Ack=35452 Win=262400 Len=0
721	11.448581	xgs_firewall	my_computer TLSv1.2	1514	Application Data [TCP segment of a reassembled PDU]
728	11.453953	xgs_firewall	my_computer TLSv1.2	1514	Application Data [TCP segment of a reassembled PDU]
729	11.453993	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=1226 Ack=38372 Win=262400 Len=0
731	11.454484	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=38372 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
732	11.454547	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=39832 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
733	11.454570	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=1226 Ack=41292 Win=262400 Len=0
739	11.456644	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=41292 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
742	11.456741	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=42752 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
744	11.456777	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=1226 Ack=44212 Win=262400 Len=0
745	11.456816	xgs_firewall	my_computer TLSv1.2	1514	Application Data, Application Data
746	11.456865	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=45672 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
747	11.456888	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=1226 Ack=47132 Win=262400 Len=0
752	11.457446	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=47132 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
754	11.457552	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=48592 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
755	11.457585	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=1226 Ack=50052 Win=262400 Len=0
756	11.457634	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=50052 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
763	11.459945	xgs_firewall	my_computer TCP	1514	4444 → 54193 [PSH, ACK] Seq=51512 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
764	11.459981	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=1226 Ack=52972 Win=262400 Len=0
769	11.462662	xgs_firewall	my_computer TLSv1.2	1514	Application Data, Application Data
771	11.462839	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=54432 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
773	11.462866	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=1226 Ack=55892 Win=262400 Len=0
777	11.462940	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=55892 Ack=1226 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
782	11.463668	xgs_firewall	my_computer TLSv1.2	679	Application Data
783	11.463699	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=1226 Ack=57977 Win=262400 Len=0
787	11.472450	my_computer xgs_firewall	TLSv1.2	599	Application Data
790	11.480720	xgs_firewall	my_computer TCP	60	4444 → 54193 [ACK] Seq=57977 Ack=1771 Win=35840 Len=0
792	11.482293	xgs_firewall	my_computer TLSv1.2	1514	Application Data
793	11.482363	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=59437 Ack=1771 Win=35840 Len=1460 [TCP segment of a reassembled PDU]
794	11.482386	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=1771 Ack=60897 Win=262400 Len=0
798	11.482989	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=60897 Ack=1771 Win=35840 Len=1460 [TCP segment of a reassembled PDU]
804	11.495104	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=62357 Ack=1771 Win=35840 Len=1460 [TCP segment of a reassembled PDU]
805	11.495164	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=1771 Ack=63817 Win=262400 Len=0
808	11.495769	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=63817 Ack=1771 Win=35840 Len=1460 [TCP segment of a reassembled PDU]
811	11.496513	xgs_firewall	my_computer TCP	1514	4444 → 54193 [ACK] Seq=65277 Ack=1771 Win=35840 Len=1460 [TCP segment of a reassembled PDU]
812	11.496545	my_computer xgs_firewall	TCP	54	54193 → 4444 [ACK] Seq=1771 Ack=66737 Win=262400 Len=0
1107	16.486319	xgs_firewall	my_computer TLSv1.2	85	[TCP Previous segment not captured] , Encrypted Alert
1108	16.486396	my_computer xgs_firewall	TCP	66	[TCP Dup ACK 812#1] 54193 → 4444 [ACK] Seq=1771 Ack=66737 Win=262400 Len=0 SLE=68130 SRE=68161
1492	26.499536	my_computer xgs_firewall	TCP	55	[TCP Keep-Alive] 54193 → 4444 [ACK] Seq=1770 Ack=66737 Win=262400 Len=1
1517	27.510655	my_computer xgs_firewall	TCP	55	[TCP Keep-Alive] 54193 → 4444 [ACK] Seq=1770 Ack=66737 Win=262400 Len=1
1546	28.521197	my_computer xgs_firewall	TCP	55	[TCP Keep-Alive] 54193 → 4444 [ACK] Seq=1770 Ack=66737 Win=262400 Len=1
1555	29.532812	my_computer xgs_firewall	TCP	55	[TCP Keep-Alive] 54193 → 4444 [ACK] Seq=1770 Ack=66737 Win=262400 Len=1
1557	30.540432	my_computer xgs_firewall	TCP	55	[TCP Keep-Alive] 54193 → 4444 [ACK] Seq=1770 Ack=66737 Win=262400 Len=1
1626	31.555164	my_computer xgs_firewall	TCP	55	[TCP Keep-Alive] 54193 → 4444 [ACK] Seq=1770 Ack=66737 Win=262400 Len=1
1645	32.563157	my_computer xgs_firewall	TCP	55	[TCP Keep-Alive] 54193 → 4444 [ACK] Seq=1770 Ack=66737 Win=262400 Len=1
1673	33.575026	my_computer xgs_firewall	TCP	55	[TCP Keep-Alive] 54193 → 4444 [ACK] Seq=1770 Ack=66737 Win=262400 Len=1
1694	34.584526	my_computer xgs_firewall	TCP	55	[TCP Keep-Alive] 54193 → 4444 [ACK] Seq=1770 Ack=66737 Win=262400 Len=1
1754	35.586693	my_computer xgs_firewall	TCP	55	[TCP Keep-Alive] 54193 → 4444 [ACK] Seq=1770 Ack=66737 Win=262400 Len=1
1783	36.596449	my_computer xgs_firewall	TCP	54	54193 → 4444 [RST, ACK] Seq=1771 Ack=66737 Win=0 Len=0
1784	36.599132	my_computer xgs_firewall	TCP	66	54220 → 4444 [SYN] Seq=0 Win=64954 Len=0 MSS=1460 WS=256 SACK_PERM=1
1797	36.610326	xgs_firewall	my_computer TCP	66	4444 → 54220 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
1798	36.610400	my_computer xgs_firewall	TCP	54	54220 → 4444 [ACK] Seq=1 Ack=1 Win=262400 Len=0
1801	36.616985	my_computer xgs_firewall	TLSv1.2	571	Client Hello
1802	36.617465	xgs_firewall	my_computer TCP	60	4444 → 54220 [ACK] Seq=1 Ack=518 Win=65664 Len=0
1816	36.669354	xgs_firewall	my_computer TLSv1.2	1514	Server Hello
1817	36.669475	xgs_firewall	my_computer TCP	1514	4444 → 54220 [ACK] Seq=1461 Ack=518 Win=33536 Len=1460 [TCP segment of a reassembled PDU]
1818	36.669521	my_computer xgs_firewall	TCP	54	54220 → 4444 [ACK] Seq=518 Ack=2921 Win=262400 Len=0
1819	36.669553	xgs_firewall	my_computer TLSv1.2	414	Certificate, Server Key Exchange, Server Hello Done
1820	36.678499	my_computer xgs_firewall	TLSv1.2	180	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
1824	36.692757	xgs_firewall	my_computer TLSv1.2	105	Change Cipher Spec, Encrypted Handshake Message
1826	36.693662	my_computer xgs_firewall	TLSv1.2	589	Application Data
1831	36.704949	xgs_firewall	my_computer TLSv1.2	1514	Application Data
1835	36.705535	xgs_firewall	my_computer TCP	1514	4444 → 54220 [ACK] Seq=4792 Ack=1179 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
1836	36.705573	my_computer xgs_firewall	TCP	54	54220 → 4444 [ACK] Seq=1179 Ack=6252 Win=262400 Len=0
1839	36.705736	xgs_firewall	my_computer TCP	1514	4444 → 54220 [ACK] Seq=6252 Ack=1179 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
1844	36.714547	xgs_firewall	my_computer TCP	1514	4444 → 54220 [ACK] Seq=7712 Ack=1179 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
1846	36.714605	my_computer xgs_firewall	TCP	54	54220 → 4444 [ACK] Seq=1179 Ack=9172 Win=262400 Len=0
1850	36.742229	my_computer xgs_firewall	TCP	66	54221 → 4444 [SYN] Seq=0 Win=64954 Len=0 MSS=1460 WS=256 SACK_PERM=1
1852	36.746251	my_computer xgs_firewall	TCP	66	54222 → 4444 [SYN] Seq=0 Win=64954 Len=0 MSS=1460 WS=256 SACK_PERM=1
1864	36.751940	xgs_firewall	my_computer TCP	66	4444 → 54221 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
1865	36.751996	my_computer xgs_firewall	TCP	54	54221 → 4444 [ACK] Seq=1 Ack=1 Win=262400 Len=0
1872	36.755825	xgs_firewall	my_computer TCP	66	4444 → 54222 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
1873	36.755905	my_computer xgs_firewall	TCP	54	54222 → 4444 [ACK] Seq=1 Ack=1 Win=262400 Len=0
1875	36.757615	my_computer xgs_firewall	TLSv1.2	571	Client Hello
1877	36.758167	xgs_firewall	my_computer TCP	60	4444 → 54221 [ACK] Seq=1 Ack=518 Win=65664 Len=0
1878	36.762517	my_computer xgs_firewall	TLSv1.2	571	Client Hello
1879	36.763044	xgs_firewall	my_computer TCP	60	4444 → 54222 [ACK] Seq=1 Ack=518 Win=65664 Len=0
1910	36.798448	xgs_firewall	my_computer TLSv1.2	1514	Server Hello
1915	36.798612	xgs_firewall	my_computer TCP	1514	4444 → 54222 [ACK] Seq=1461 Ack=518 Win=33536 Len=1460 [TCP segment of a reassembled PDU]
1916	36.798643	my_computer xgs_firewall	TCP	54	54222 → 4444 [ACK] Seq=518 Ack=2921 Win=262400 Len=0
1917	36.798666	xgs_firewall	my_computer TLSv1.2	414	Certificate, Server Key Exchange, Server Hello Done
1928	36.802805	xgs_firewall	my_computer TLSv1.2	1514	Server Hello
1929	36.802896	xgs_firewall	my_computer TCP	1514	4444 → 54221 [ACK] Seq=1461 Ack=518 Win=33536 Len=1460 [TCP segment of a reassembled PDU]
1930	36.802919	my_computer xgs_firewall	TCP	54	54221 → 4444 [ACK] Seq=518 Ack=2921 Win=262400 Len=0
1931	36.802977	xgs_firewall	my_computer TLSv1.2	414	Certificate, Server Key Exchange, Server Hello Done
1938	36.813759	my_computer xgs_firewall	TLSv1.2	180	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
1944	36.821821	my_computer xgs_firewall	TLSv1.2	180	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
1947	36.825576	xgs_firewall	my_computer TLSv1.2	105	Change Cipher Spec, Encrypted Handshake Message
1950	36.834813	xgs_firewall	my_computer TLSv1.2	105	Change Cipher Spec, Encrypted Handshake Message
1966	36.846308	my_computer xgs_firewall	TLSv1.2	846	Application Data
1971	36.847401	my_computer xgs_firewall	TLSv1.2	689	Application Data
2000	36.887718	xgs_firewall	my_computer TLSv1.2	1514	Application Data
2003	36.888062	xgs_firewall	my_computer TCP	1514	4444 → 54222 [ACK] Seq=4792 Ack=1436 Win=35200 Len=1460 [TCP segment of a reassembled PDU]
2004	36.888103	my_computer xgs_firewall	TCP	54	54222 → 4444 [ACK] Seq=1436 Ack=6252 Win=262400 Len=0
2007	36.888353	xgs_firewall	my_computer TCP	1055	[TCP Previous segment not captured] 4444 → 54222 [PSH, ACK] Seq=10632 Ack=1436 Win=35200 Len=1001 [TCP segment of a reassembled PDU]
2008	36.888373	my_computer xgs_firewall	TCP	66	[TCP Dup ACK 2004#1] 54222 → 4444 [ACK] Seq=1436 Ack=6252 Win=262400 Len=0 SLE=10632 SRE=11633
2012	36.888479	xgs_firewall	my_computer TCP	1514	[TCP Out-Of-Order] 4444 → 54222 [ACK] Seq=6252 Ack=1436 Win=35200 Len=1460 [TCP segment of a reassembled PDU]
2015	36.888717	xgs_firewall	my_computer TCP	1514	[TCP Out-Of-Order] 4444 → 54222 [ACK] Seq=7712 Ack=1436 Win=35200 Len=1460 [TCP segment of a reassembled PDU]
2016	36.888764	my_computer xgs_firewall	TCP	66	54222 → 4444 [ACK] Seq=1436 Ack=9172 Win=262400 Len=0 SLE=10632 SRE=11633
2018	36.889025	xgs_firewall	my_computer TCP	1514	[TCP Out-Of-Order] 4444 → 54222 [ACK] Seq=9172 Ack=1436 Win=35200 Len=1460
2020	36.889151	xgs_firewall	my_computer TLSv1.2	1514	Application Data
2021	36.889173	my_computer xgs_firewall	TCP	54	54222 → 4444 [ACK] Seq=1436 Ack=13093 Win=262400 Len=0
2024	36.889918	xgs_firewall	my_computer TCP	1514	4444 → 54222 [ACK] Seq=13093 Ack=1436 Win=35200 Len=1460 [TCP segment of a reassembled PDU]
2026	36.890053	xgs_firewall	my_computer TCP	1514	4444 → 54222 [ACK] Seq=14553 Ack=1436 Win=35200 Len=1460 [TCP segment of a reassembled PDU]
2027	36.890087	my_computer xgs_firewall	TCP	54	54222 → 4444 [ACK] Seq=1436 Ack=16013 Win=262400 Len=0
2035	36.891171	xgs_firewall	my_computer TCP	1514	4444 → 54222 [ACK] Seq=16013 Ack=1436 Win=35200 Len=1460 [TCP segment of a reassembled PDU]
2041	36.897526	xgs_firewall	my_computer TCP	1514	4444 → 54222 [ACK] Seq=17473 Ack=1436 Win=35200 Len=1460 [TCP segment of a reassembled PDU]
2043	36.897566	my_computer xgs_firewall	TCP	54	54222 → 4444 [ACK] Seq=1436 Ack=18933 Win=262400 Len=0
2045	36.898061	xgs_firewall	my_computer TLSv1.2	1514	Application Data, Application Data
2046	36.898302	xgs_firewall	my_computer TCP	1514	4444 → 54222 [ACK] Seq=20393 Ack=1436 Win=35200 Len=1460 [TCP segment of a reassembled PDU]
2047	36.898342	my_computer xgs_firewall	TCP	54	54222 → 4444 [ACK] Seq=1436 Ack=21853 Win=262400 Len=0
2052	36.898703	xgs_firewall	my_computer TCP	1514	[TCP Out-Of-Order] 4444 → 54222 [ACK] Seq=6252 Ack=1436 Win=35200 Len=1460[Reassembly error, protocol TCP: New fragment overlaps old data (retransmission?)]
2053	36.898722	my_computer xgs_firewall	TCP	66	[TCP Dup ACK 2047#1] 54222 → 4444 [ACK] Seq=1436 Ack=21853 Win=262400 Len=0 SLE=6252 SRE=7712
2060	36.900092	xgs_firewall	my_computer TCP	1514	4444 → 54222 [ACK] Seq=21853 Ack=1436 Win=35200 Len=1460 [TCP segment of a reassembled PDU]
2062	36.900168	xgs_firewall	my_computer TCP	1514	4444 → 54222 [ACK] Seq=23313 Ack=1436 Win=35200 Len=1460 [TCP segment of a reassembled PDU]
2063	36.900202	my_computer xgs_firewall	TCP	54	54222 → 4444 [ACK] Seq=1436 Ack=24773 Win=262400 Len=0
2067	36.900383	xgs_firewall	my_computer TCP	60	4444 → 54221 [ACK] Seq=3332 Ack=1279 Win=34816 Len=0
2069	36.900688	xgs_firewall	my_computer TCP	1514	4444 → 54222 [ACK] Seq=24773 Ack=1436 Win=35200 Len=1460 [TCP segment of a reassembled PDU]
2075	36.901256	xgs_firewall	my_computer TCP	1514	4444 → 54222 [ACK] Seq=26233 Ack=1436 Win=35200 Len=1460 [TCP segment of a reassembled PDU]
2076	36.901287	my_computer xgs_firewall	TCP	54	54222 → 4444 [ACK] Seq=1436 Ack=27693 Win=262400 Len=0
2085	36.907855	xgs_firewall	my_computer TLSv1.2	1514	Application Data, Application Data
2088	36.908449	xgs_firewall	my_computer TCP	1514	4444 → 54222 [ACK] Seq=29153 Ack=1436 Win=35200 Len=1460 [TCP segment of a reassembled PDU]
2090	36.908483	my_computer xgs_firewall	TCP	54	54222 → 4444 [ACK] Seq=1436 Ack=30613 Win=262400 Len=0
2094	36.908636	xgs_firewall	my_computer TLSv1.2	753	Application Data
2125	36.950462	my_computer xgs_firewall	TCP	54	54222 → 4444 [ACK] Seq=1436 Ack=31312 Win=261632 Len=0
2144	36.979928	my_computer xgs_firewall	TLSv1.2	846	Application Data
2159	36.993702	xgs_firewall	my_computer TLSv1.2	585	Application Data, Application Data
2173	37.018603	my_computer xgs_firewall	TLSv1.2	846	Application Data
2179	37.032491	xgs_firewall	my_computer TLSv1.2	585	Application Data, Application Data
2215	37.073659	my_computer xgs_firewall	TCP	54	54222 → 4444 [ACK] Seq=3020 Ack=32374 Win=262400 Len=0
2261	37.539834	xgs_firewall	my_computer TLSv1.2	1012	Application Data, Application Data
2263	37.580889	my_computer xgs_firewall	TLSv1.2	832	Application Data
2264	37.581118	my_computer xgs_firewall	TLSv1.2	732	Application Data
2268	37.586794	my_computer xgs_firewall	TCP	66	54243 → 4444 [SYN] Seq=0 Win=64954 Len=0 MSS=1460 WS=256 SACK_PERM=1
2273	37.590597	xgs_firewall	my_computer TCP	60	4444 → 54221 [ACK] Seq=4290 Ack=1957 Win=36224 Len=0
2274	37.590848	my_computer xgs_firewall	TCP	66	54244 → 4444 [SYN] Seq=0 Win=64954 Len=0 MSS=1460 WS=256 SACK_PERM=1
2277	37.594702	my_computer xgs_firewall	TCP	66	54245 → 4444 [SYN] Seq=0 Win=64954 Len=0 MSS=1460 WS=256 SACK_PERM=1
2279	37.595674	xgs_firewall	my_computer TCP	66	4444 → 54243 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
2282	37.595753	my_computer xgs_firewall	TCP	54	54243 → 4444 [ACK] Seq=1 Ack=1 Win=262400 Len=0
2287	37.599830	xgs_firewall	my_computer TCP	66	4444 → 54244 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
2288	37.599913	my_computer xgs_firewall	TCP	54	54244 → 4444 [ACK] Seq=1 Ack=1 Win=262400 Len=0
2292	37.603456	my_computer xgs_firewall	TLSv1.2	571	Client Hello
2293	37.603998	xgs_firewall	my_computer TCP	60	4444 → 54243 [ACK] Seq=1 Ack=518 Win=65664 Len=0
2296	37.604910	xgs_firewall	my_computer TCP	66	4444 → 54245 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
2298	37.604997	my_computer xgs_firewall	TCP	54	54245 → 4444 [ACK] Seq=1 Ack=1 Win=262400 Len=0
2300	37.608368	my_computer xgs_firewall	TLSv1.2	571	Client Hello
2301	37.608910	xgs_firewall	my_computer TCP	60	4444 → 54244 [ACK] Seq=1 Ack=518 Win=65664 Len=0
2304	37.612872	my_computer xgs_firewall	TLSv1.2	571	Client Hello
2305	37.613400	xgs_firewall	my_computer TCP	60	4444 → 54245 [ACK] Seq=1 Ack=518 Win=65664 Len=0
2318	37.632209	xgs_firewall	my_computer TCP	60	4444 → 54222 [ACK] Seq=32374 Ack=3798 Win=39936 Len=0
2334	37.643508	xgs_firewall	my_computer TLSv1.2	1514	Server Hello
2335	37.643658	xgs_firewall	my_computer TCP	1514	4444 → 54244 [ACK] Seq=1461 Ack=518 Win=33536 Len=1460 [TCP segment of a reassembled PDU]
2336	37.643723	my_computer xgs_firewall	TCP	54	54244 → 4444 [ACK] Seq=518 Ack=2921 Win=262400 Len=0
2338	37.643753	xgs_firewall	my_computer TLSv1.2	414	Certificate, Server Key Exchange, Server Hello Done
2341	37.643908	xgs_firewall	my_computer TLSv1.2	1514	Server Hello
2342	37.643980	xgs_firewall	my_computer TCP	1514	4444 → 54243 [ACK] Seq=1461 Ack=518 Win=33536 Len=1460 [TCP segment of a reassembled PDU]
2343	37.644013	my_computer xgs_firewall	TCP	54	54243 → 4444 [ACK] Seq=518 Ack=2921 Win=262400 Len=0
2344	37.644075	xgs_firewall	my_computer TLSv1.2	414	Certificate, Server Key Exchange, Server Hello Done
2353	37.651253	xgs_firewall	my_computer TLSv1.2	1514	Server Hello
2354	37.651346	xgs_firewall	my_computer TCP	1514	4444 → 54245 [ACK] Seq=1461 Ack=518 Win=33536 Len=1460 [TCP segment of a reassembled PDU]
2355	37.651376	my_computer xgs_firewall	TCP	54	54245 → 4444 [ACK] Seq=518 Ack=2921 Win=262400 Len=0
2356	37.651407	xgs_firewall	my_computer TLSv1.2	414	Certificate, Server Key Exchange, Server Hello Done
2358	37.652483	my_computer xgs_firewall	TLSv1.2	180	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
2361	37.660844	my_computer xgs_firewall	TLSv1.2	180	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
2366	37.664770	xgs_firewall	my_computer TLSv1.2	105	Change Cipher Spec, Encrypted Handshake Message
2367	37.667000	my_computer xgs_firewall	TLSv1.2	180	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
2371	37.675239	xgs_firewall	my_computer TLSv1.2	105	Change Cipher Spec, Encrypted Handshake Message
2372	37.680637	xgs_firewall	my_computer TLSv1.2	105	Change Cipher Spec, Encrypted Handshake Message
2375	37.684402	my_computer xgs_firewall	TLSv1.2	870	Application Data
2376	37.684843	my_computer xgs_firewall	TLSv1.2	909	Application Data
2379	37.685541	my_computer xgs_firewall	TLSv1.2	875	Application Data
2384	37.721834	xgs_firewall	my_computer TLSv1.2	552	Application Data, Application Data
2385	37.722439	my_computer xgs_firewall	TLSv1.2	874	Application Data
2388	37.736627	xgs_firewall	my_computer TCP	60	4444 → 54243 [ACK] Seq=3332 Ack=1499 Win=35328 Len=0
2390	37.736676	xgs_firewall	my_computer TCP	60	4444 → 54245 [ACK] Seq=3332 Ack=1465 Win=35200 Len=0
2393	37.776009	xgs_firewall	my_computer TCP	60	4444 → 54244 [ACK] Seq=3830 Ack=2280 Win=36864 Len=0
2397	37.891567	xgs_firewall	my_computer TLSv1.2	825	Application Data, Application Data
2399	37.892810	my_computer xgs_firewall	TLSv1.2	870	Application Data
2403	37.901660	xgs_firewall	my_computer TCP	60	4444 → 54244 [ACK] Seq=4601 Ack=3096 Win=38528 Len=0
2407	37.910735	xgs_firewall	my_computer TLSv1.2	702	Application Data, Application Data
2409	37.912411	my_computer xgs_firewall	TLSv1.2	871	Application Data
2415	37.967813	xgs_firewall	my_computer TCP	60	4444 → 54244 [ACK] Seq=5249 Ack=3913 Win=40064 Len=0
2419	37.976754	xgs_firewall	my_computer TLSv1.2	733	Application Data, Application Data
2421	37.977634	my_computer xgs_firewall	TLSv1.2	732	Application Data
2424	37.986592	xgs_firewall	my_computer TCP	60	4444 → 54222 [ACK] Seq=33053 Ack=4476 Win=41472 Len=0
2440	38.325842	xgs_firewall	my_computer TLSv1.2	657	Application Data, Application Data
2442	38.327766	my_computer xgs_firewall	TLSv1.2	799	Application Data
2446	38.336765	xgs_firewall	my_computer TCP	60	4444 → 54244 [ACK] Seq=5852 Ack=4658 Win=41728 Len=0
2488	38.802278	xgs_firewall	my_computer TLSv1.2	988	Application Data, Application Data
2489	38.803020	my_computer xgs_firewall	TLSv1.2	954	Application Data
2494	38.813013	xgs_firewall	my_computer TCP	60	4444 → 54245 [ACK] Seq=4266 Ack=2365 Win=36992 Len=0
2504	39.279143	xgs_firewall	my_computer TLSv1.2	813	Application Data, Application Data
2505	39.281648	my_computer xgs_firewall	TLSv1.2	872	Application Data
2511	39.294055	xgs_firewall	my_computer TCP	60	4444 → 54245 [ACK] Seq=5025 Ack=3183 Win=38784 Len=0
2514	39.294561	xgs_firewall	my_computer TLSv1.2	584	Application Data, Application Data
2516	39.296471	my_computer xgs_firewall	TLSv1.2	881	Application Data
2520	39.310996	xgs_firewall	my_computer TLSv1.2	562	Application Data, Application Data
2524	39.311921	my_computer xgs_firewall	TLSv1.2	880	Application Data
2529	39.324276	xgs_firewall	my_computer TLSv1.2	564	Application Data, Application Data
2530	39.325081	my_computer xgs_firewall	TLSv1.2	879	Application Data
2534	39.340400	xgs_firewall	my_computer TLSv1.2	583	Application Data, Application Data
2537	39.341375	my_computer xgs_firewall	TLSv1.2	874	Application Data
2540	39.368750	xgs_firewall	my_computer TLSv1.2	555	Application Data, Application Data
2543	39.369519	my_computer xgs_firewall	TLSv1.2	872	Application Data
2548	39.382744	xgs_firewall	my_computer TLSv1.2	553	Application Data, Application Data
2550	39.384108	my_computer xgs_firewall	TLSv1.2	865	Application Data
2554	39.397856	xgs_firewall	my_computer TLSv1.2	903	Application Data, Application Data
2556	39.399493	my_computer xgs_firewall	TLSv1.2	855	Application Data
2561	39.415131	xgs_firewall	my_computer TLSv1.2	1308	Application Data, Application Data
2563	39.416625	my_computer xgs_firewall	TLSv1.2	738	Application Data
2566	39.467950	xgs_firewall	my_computer TCP	60	4444 → 54245 [ACK] Seq=10205 Ack=9595 Win=53248 Len=0
2605	40.929938	xgs_firewall	my_computer TLSv1.2	1035	Application Data, Application Data
2607	40.931199	my_computer xgs_firewall	TLSv1.2	917	Application Data
2610	40.942637	xgs_firewall	my_computer TCP	60	4444 → 54245 [ACK] Seq=11186 Ack=10458 Win=55040 Len=0
2615	41.229029	xgs_firewall	my_computer TLSv1.2	1059	Application Data, Application Data
2616	41.230557	my_computer xgs_firewall	TLSv1.2	920	Application Data
2620	41.239759	xgs_firewall	my_computer TCP	60	4444 → 54243 [ACK] Seq=4337 Ack=2365 Win=36992 Len=0
2635	41.558239	xgs_firewall	my_computer TLSv1.2	1514	Application Data
2639	41.559182	xgs_firewall	my_computer TCP	1514	4444 → 54245 [ACK] Seq=12646 Ack=10458 Win=55040 Len=1460 [TCP segment of a reassembled PDU]
2640	41.559310	my_computer xgs_firewall	TCP	54	54245 → 4444 [ACK] Seq=10458 Ack=14106 Win=262400 Len=0
2645	41.569048	xgs_firewall	my_computer TLSv1.2	640	Application Data
2647	41.571055	my_computer xgs_firewall	TLSv1.2	924	Application Data
2651	41.579665	xgs_firewall	my_computer TCP	60	4444 → 54245 [ACK] Seq=14692 Ack=11328 Win=56832 Len=0
2659	41.709091	xgs_firewall	my_computer TLSv1.2	85	[TCP Previous segment not captured] , Encrypted Alert
2661	41.709142	my_computer xgs_firewall	TCP	66	[TCP Dup ACK 1846#1] 54220 → 4444 [ACK] Seq=1179 Ack=9172 Win=262400 Len=0 SLE=10560 SRE=10591
2669	42.026031	xgs_firewall	my_computer TLSv1.2	1514	Application Data
2671	42.026507	xgs_firewall	my_computer TLSv1.2	1489	Application Data
2672	42.026654	my_computer xgs_firewall	TCP	54	54245 → 4444 [ACK] Seq=11328 Ack=17587 Win=262400 Len=0
2675	42.028782	my_computer xgs_firewall	TLSv1.2	924	Application Data
2678	42.037790	xgs_firewall	my_computer TCP	60	4444 → 54245 [ACK] Seq=17587 Ack=12198 Win=58496 Len=0
2681	42.341974	xgs_firewall	my_computer TLSv1.2	1514	Application Data
2683	42.342501	xgs_firewall	my_computer TCP	1514	4444 → 54243 [ACK] Seq=5797 Ack=2365 Win=36992 Len=1460 [TCP segment of a reassembled PDU]
2684	42.342611	my_computer xgs_firewall	TCP	54	54243 → 4444 [ACK] Seq=2365 Ack=7257 Win=262400 Len=0
2710	42.788437	xgs_firewall	my_computer TLSv1.2	1514	Application Data
2712	42.788800	xgs_firewall	my_computer TCP	1514	4444 → 54245 [ACK] Seq=19047 Ack=12198 Win=58496 Len=1460 [TCP segment of a reassembled PDU]
2713	42.788929	my_computer xgs_firewall	TCP	54	54245 → 4444 [ACK] Seq=12198 Ack=20507 Win=262400 Len=0
2717	42.798596	xgs_firewall	my_computer TLSv1.2	882	Application Data
2719	42.800369	my_computer xgs_firewall	TLSv1.2	862	Application Data
2723	42.811026	xgs_firewall	my_computer TCP	60	4444 → 54245 [ACK] Seq=21335 Ack=13006 Win=60288 Len=0
2734	43.136939	xgs_firewall	my_computer TLSv1.2	1514	Application Data
2737	43.137296	xgs_firewall	my_computer TCP	1514	4444 → 54245 [ACK] Seq=22795 Ack=13006 Win=60288 Len=1460 [TCP segment of a reassembled PDU]
2738	43.137435	my_computer xgs_firewall	TCP	54	54245 → 4444 [ACK] Seq=13006 Ack=24255 Win=262400 Len=0
2750	43.146979	xgs_firewall	my_computer TLSv1.2	285	Application Data
2753	43.148353	my_computer xgs_firewall	TLSv1.2	924	Application Data
2757	43.157753	xgs_firewall	my_computer TCP	60	4444 → 54245 [ACK] Seq=24486 Ack=13876 Win=62080 Len=0
2782	43.290157	my_computer xgs_firewall	TLSv1.2	85	Encrypted Alert
2783	43.290207	my_computer xgs_firewall	TCP	54	54222 → 4444 [FIN, ACK] Seq=4507 Ack=33053 Win=261888 Len=0
2784	43.290690	my_computer xgs_firewall	TLSv1.2	85	Encrypted Alert
2785	43.290725	my_computer xgs_firewall	TCP	54	54221 → 4444 [FIN, ACK] Seq=1988 Ack=4290 Win=261120 Len=0
2790	43.291309	my_computer xgs_firewall	TLSv1.2	85	Encrypted Alert
2792	43.291415	my_computer xgs_firewall	TCP	54	54244 → 4444 [FIN, ACK] Seq=4689 Ack=5852 Win=261120 Len=0
2793	43.291746	my_computer xgs_firewall	TCP	66	54258 → 4444 [SYN] Seq=0 Win=64954 Len=0 MSS=1460 WS=256 SACK_PERM=1
2796	43.292312	my_computer xgs_firewall	TCP	66	54259 → 4444 [SYN] Seq=0 Win=64954 Len=0 MSS=1460 WS=256 SACK_PERM=1
2800	43.293251	my_computer xgs_firewall	TCP	66	54260 → 4444 [SYN] Seq=0 Win=64954 Len=0 MSS=1460 WS=256 SACK_PERM=1
2803	43.295327	my_computer xgs_firewall	TCP	66	54261 → 4444 [SYN] Seq=0 Win=64954 Len=0 MSS=1460 WS=256 SACK_PERM=1
2804	43.295440	my_computer xgs_firewall	TLSv1.2	85	Encrypted Alert
2805	43.295738	my_computer xgs_firewall	TCP	66	54262 → 4444 [SYN] Seq=0 Win=64954 Len=0 MSS=1460 WS=256 SACK_PERM=1
2806	43.295773	my_computer xgs_firewall	TCP	54	54245 → 4444 [FIN, ACK] Seq=13907 Ack=24486 Win=262144 Len=0
2810	43.296153	my_computer xgs_firewall	TLSv1.2	85	Encrypted Alert
2811	43.296217	my_computer xgs_firewall	TCP	54	54243 → 4444 [FIN, ACK] Seq=2396 Ack=7257 Win=262400 Len=0
2813	43.297145	my_computer xgs_firewall	TCP	66	54263 → 4444 [SYN] Seq=0 Win=64954 Len=0 MSS=1460 WS=256 SACK_PERM=1
2817	43.298381	xgs_firewall	my_computer TCP	60	4444 → 54222 [ACK] Seq=33053 Ack=4507 Win=41472 Len=0
2822	43.299441	xgs_firewall	my_computer TCP	60	4444 → 54221 [ACK] Seq=4290 Ack=1988 Win=36224 Len=0
2825	43.300407	xgs_firewall	my_computer TCP	60	[TCP Previous segment not captured] 4444 → 54244 [ACK] Seq=7237 Ack=4689 Win=41728 Len=0
2827	43.300512	xgs_firewall	my_computer TLSv1.2	85	Encrypted Alert
2828	43.300543	my_computer xgs_firewall	TCP	66	[TCP Dup ACK 2442#1] 54244 → 4444 [ACK] Seq=4690 Ack=5852 Win=261120 Len=0 SLE=7237 SRE=7268
2838	43.301482	xgs_firewall	my_computer TCP	66	4444 → 54258 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
2839	43.301542	xgs_firewall	my_computer TCP	66	4444 → 54259 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
2845	43.302335	xgs_firewall	my_computer TCP	66	4444 → 54260 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
2849	43.304624	xgs_firewall	my_computer TCP	60	4444 → 54245 [ACK] Seq=24486 Ack=13907 Win=62080 Len=0
2851	43.304699	xgs_firewall	my_computer TCP	66	4444 → 54261 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
2855	43.306695	xgs_firewall	my_computer TCP	66	4444 → 54263 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
2856	43.306800	my_computer xgs_firewall	TCP	54	54263 → 4444 [ACK] Seq=1 Ack=1 Win=262400 Len=0
2860	43.310383	xgs_firewall	my_computer TCP	60	[TCP Previous segment not captured] 4444 → 54243 [ACK] Seq=8649 Ack=2396 Win=36992 Len=0
2863	43.310494	xgs_firewall	my_computer TLSv1.2	85	Encrypted Alert
2866	43.310518	my_computer xgs_firewall	TCP	66	[TCP Dup ACK 2684#1] 54243 → 4444 [ACK] Seq=2397 Ack=7257 Win=262400 Len=0 SLE=8649 SRE=8680
2867	43.310564	xgs_firewall	my_computer TCP	66	4444 → 54262 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
2870	43.314428	my_computer xgs_firewall	TLSv1.2	571	Client Hello
2871	43.315028	xgs_firewall	my_computer TCP	60	4444 → 54263 [ACK] Seq=1 Ack=518 Win=65664 Len=0
2877	43.332261	my_computer xgs_firewall	TCP	66	54264 → 4444 [SYN] Seq=0 Win=64954 Len=0 MSS=1460 WS=256 SACK_PERM=1
2882	43.340637	xgs_firewall	my_computer TCP	60	4444 → 54222 [ACK] Seq=33053 Ack=4508 Win=41472 Len=0
2884	43.340709	xgs_firewall	my_computer TCP	60	4444 → 54221 [ACK] Seq=4290 Ack=1989 Win=36224 Len=0
2890	43.341843	xgs_firewall	my_computer TCP	66	4444 → 54264 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
2891	43.341949	my_computer xgs_firewall	TCP	54	54264 → 4444 [ACK] Seq=1 Ack=1 Win=262400 Len=0
2897	43.347698	my_computer xgs_firewall	TLSv1.2	571	Client Hello
2901	43.348204	xgs_firewall	my_computer TCP	60	4444 → 54264 [ACK] Seq=1 Ack=518 Win=65664 Len=0
2903	43.348437	xgs_firewall	my_computer TCP	60	4444 → 54245 [ACK] Seq=24486 Ack=13908 Win=62080 Len=0
2907	43.348745	xgs_firewall	my_computer TLSv1.2	1514	Server Hello
2908	43.348826	xgs_firewall	my_computer TCP	1514	4444 → 54263 [ACK] Seq=1461 Ack=518 Win=33536 Len=1460 [TCP segment of a reassembled PDU]
2909	43.348847	my_computer xgs_firewall	TCP	54	54263 → 4444 [ACK] Seq=518 Ack=2921 Win=262400 Len=0
2910	43.348880	xgs_firewall	my_computer TLSv1.2	414	Certificate, Server Key Exchange, Server Hello Done
2911	43.354631	my_computer xgs_firewall	TLSv1.2	180	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
2917	43.366732	xgs_firewall	my_computer TLSv1.2	105	Change Cipher Spec, Encrypted Handshake Message
2919	43.367464	my_computer xgs_firewall	TLSv1.2	563	Application Data
2927	43.379105	xgs_firewall	my_computer TLSv1.2	1514	Application Data
2929	43.379824	xgs_firewall	my_computer TCP	1514	4444 → 54263 [ACK] Seq=4792 Ack=1153 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
2930	43.379895	my_computer xgs_firewall	TCP	54	54263 → 4444 [ACK] Seq=1153 Ack=6252 Win=262400 Len=0
2935	43.380243	xgs_firewall	my_computer TCP	1514	4444 → 54263 [ACK] Seq=6252 Ack=1153 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
2942	43.391746	xgs_firewall	my_computer TCP	1514	4444 → 54263 [ACK] Seq=7712 Ack=1153 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
2943	43.391800	my_computer xgs_firewall	TCP	54	54263 → 4444 [ACK] Seq=1153 Ack=9172 Win=262400 Len=0
2945	43.392306	xgs_firewall	my_computer TCP	1514	4444 → 54263 [ACK] Seq=9172 Ack=1153 Win=34688 Len=1460 [TCP segment of a reassembled PDU]
2957	43.393130	xgs_firewall	my_computer TLSv1.2	1514	Server Hello
2958	43.393215	xgs_firewall	my_computer TCP	1514	4444 → 54264 [ACK] Seq=1461 Ack=518 Win=33536 Len=1460 [TCP segment of a reassembled PDU]
2959	43.393242	my_computer xgs_firewall	TCP	54	54264 → 4444 [ACK] Seq=518 Ack=2921 Win=262400 Len=0
2960	43.393267	xgs_firewall	my_computer TLSv1.2	414	Certificate, Server Key Exchange, Server Hello Done
2962	43.400349	xgs_firewall	my_computer TLSv1.2	212	Application Data
2963	43.400397	my_computer xgs_firewall	TCP	54	54263 → 4444 [ACK] Seq=1153 Ack=10790 Win=262400 Len=0
2965	43.401897	my_computer xgs_firewall	TLSv1.2	180	Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
2970	43.414925	xgs_firewall	my_computer TLSv1.2	105	Change Cipher Spec, Encrypted Handshake Message
2971	43.415776	my_computer xgs_firewall	TLSv1.2	728	Application Data
2977	43.428240	xgs_firewall	my_computer TLSv1.2	1514	Application Data
2978	43.474616	my_computer xgs_firewall	TCP	54	54264 → 4444 [ACK] Seq=1318 Ack=4792 Win=262400 Len=0
2983	43.537849	xgs_firewall	my_computer TLSv1.2	1514	Application Data
2984	43.538146	my_computer xgs_firewall	TCP	54	54245 → 4444 [RST, ACK] Seq=13908 Ack=25946 Win=0 Len=0
2985	43.538688	xgs_firewall	my_computer TCP	1514	4444 → 54245 [ACK] Seq=25946 Ack=13908 Win=62080 Len=1460 [TCP segment of a reassembled PDU]
2986	43.538748	xgs_firewall	my_computer TCP	780	[TCP Previous segment not captured] 4444 → 54245 [PSH, ACK] Seq=28866 Ack=13908 Win=62080 Len=726 [TCP segment of a reassembled PDU], Encrypted Alert
2987	43.538761	xgs_firewall	my_computer TCP	60	4444 → 54245 [FIN, ACK] Seq=29592 Ack=13908 Win=62080 Len=0
2991	43.538996	xgs_firewall	my_computer TCP	1514	[TCP Out-Of-Order] 4444 → 54245 [ACK] Seq=27406 Ack=13908 Win=62080 Len=1460
3008	43.793357	xgs_firewall	my_computer TLSv1.2	1011	Application Data, Application Data
3010	43.793683	xgs_firewall	my_computer TLSv1.2	85	Encrypted Alert
3011	43.793821	my_computer xgs_firewall	TCP	54	54222 → 4444 [ACK] Seq=4508 Ack=34041 Win=262400 Len=0
3012	43.794029	xgs_firewall	my_computer TCP	60	4444 → 54222 [FIN, ACK] Seq=34041 Ack=4508 Win=41472 Len=0
3013	43.794219	my_computer xgs_firewall	TCP	54	54222 → 4444 [RST, ACK] Seq=4508 Ack=34041 Win=0 Len=0
3020	43.884921	xgs_firewall	my_computer TLSv1.2	1011	Application Data, Application Data
3021	43.885041	xgs_firewall	my_computer TLSv1.2	85	Encrypted Alert
3022	43.885098	my_computer xgs_firewall	TCP	54	54221 → 4444 [ACK] Seq=1989 Ack=5278 Win=262400 Len=0
3023	43.885246	my_computer xgs_firewall	TCP	54	54221 → 4444 [RST, ACK] Seq=1989 Ack=5278 Win=0 Len=0
3061	44.152452	xgs_firewall	my_computer TCP	1477	[TCP Retransmission] 4444 → 54243 [FIN, PSH, ACK] Seq=7257 Ack=2397 Win=36992 Len=1423
3063	44.152673	my_computer xgs_firewall	TCP	54	54243 → 4444 [RST, ACK] Seq=2397 Ack=8680 Win=0 Len=0
3074	44.312557	xgs_firewall	my_computer TCP	66	[TCP Retransmission] 4444 → 54261 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
3075	44.312665	xgs_firewall	my_computer TCP	66	[TCP Retransmission] 4444 → 54259 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
3076	44.312688	xgs_firewall	my_computer TCP	66	[TCP Retransmission] 4444 → 54260 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
3077	44.312694	xgs_firewall	my_computer TCP	66	[TCP Retransmission] 4444 → 54258 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
3083	44.341956	xgs_firewall	my_computer TCP	66	[TCP Retransmission] 4444 → 54262 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
3246	46.328482	xgs_firewall	my_computer TCP	66	[TCP Retransmission] 4444 → 54260 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
3248	46.328667	xgs_firewall	my_computer TCP	66	[TCP Retransmission] 4444 → 54259 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
3249	46.328714	xgs_firewall	my_computer TCP	66	[TCP Retransmission] 4444 → 54261 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
3250	46.328743	xgs_firewall	my_computer TCP	66	[TCP Retransmission] 4444 → 54258 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
3253	46.356187	xgs_firewall	my_computer TCP	66	[TCP Retransmission] 4444 → 54262 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
3261	48.382411	xgs_firewall	my_computer TLSv1.2	85	Encrypted Alert
3263	48.382661	xgs_firewall	my_computer TCP	60	4444 → 54263 [FIN, ACK] Seq=10821 Ack=1153 Win=34688 Len=0
3264	48.382787	my_computer xgs_firewall	TCP	54	54263 → 4444 [ACK] Seq=1153 Ack=10821 Win=262400 Len=0
3265	48.383440	my_computer xgs_firewall	TCP	54	54263 → 4444 [ACK] Seq=1153 Ack=10822 Win=262400 Len=0
3267	48.383777	my_computer xgs_firewall	TCP	54	54263 → 4444 [RST, ACK] Seq=1153 Ack=10822 Win=0 Len=0
3273	48.432010	xgs_firewall	my_computer TLSv1.2	85	[TCP Previous segment not captured] , Encrypted Alert
3274	48.432107	my_computer xgs_firewall	TCP	66	[TCP Dup ACK 2978#1] 54264 → 4444 [ACK] Seq=1318 Ack=4792 Win=262400 Len=0 SLE=6180 SRE=6211
3322	50.548456	xgs_firewall	my_computer TCP	66	[TCP Retransmission] 4444 → 54261 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
3324	50.548658	xgs_firewall	my_computer TCP	66	[TCP Retransmission] 4444 → 54259 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
3325	50.548708	xgs_firewall	my_computer TCP	66	[TCP Retransmission] 4444 → 54262 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
3328	50.548740	xgs_firewall	my_computer TCP	66	[TCP Retransmission] 4444 → 54258 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
3330	50.548768	xgs_firewall	my_computer TCP	66	[TCP Retransmission] 4444 → 54260 [SYN, ACK] Seq=0 Ack=1 Win=32440 Len=0 MSS=16220 SACK_PERM=1 WS=128
3373	51.723377	my_computer xgs_firewall	TCP	55	[TCP Keep-Alive] 54220 → 4444 [ACK] Seq=1178 Ack=9172 Win=262400 Len=1
3430	52.735454	my_computer xgs_firewall	TCP	55	[TCP Keep-Alive] 54220 → 4444 [ACK] Seq=1178 Ack=9172 Win=262400 Len=1
3451	53.310880	my_computer xgs_firewall	TCP	55	[TCP Keep-Alive] 54244 → 4444 [ACK] Seq=4689 Ack=5852 Win=261120 Len=1
3457	53.748783	my_computer xgs_firewall	TCP	55	[TCP Keep-Alive] 54220 → 4444 [ACK] Seq=1178 Ack=9172 Win=262400 Len=1
3467	54.324557	my_computer xgs_firewall	TCP	55	[TCP Keep-Alive] 54244 → 4444 [ACK] Seq=4689 Ack=5852 Win=261120 Len=1
3469	54.763256	my_computer xgs_firewall	TCP	55	[TCP Keep-Alive] 54220 → 4444 [ACK] Seq=1178 Ack=9172 Win=262400 Len=1
3478	55.338681	my_computer xgs_firewall	TCP	55	[TCP Keep-Alive] 54244 → 4444 [ACK] Seq=4689 Ack=5852 Win=261120 Len=1
3483	55.777141	my_computer xgs_firewall	TCP	55	[TCP Keep-Alive] 54220 → 4444 [ACK] Seq=1178 Ack=9172 Win=262400 Len=1 
 XGS has 18.5 MR4 and SG has 9.711-5. 
 I would say this is a tunnel issue but I cannot see why. 
 Any idea how to fix that issue?

LHerzog · Accepted Answer

reduced the MTU of the XGS WAN interface from 1500 to 1400 as a first test and it fixed the issue immediately. 
 The ISP is NetCologne with some special hybrid something Dual Stack connection probably using some additional payload in their packet header. 
 
 Also I notice the XGS web admin is much faster when working through the tunnel. Probably due to no more lost packets. 
 I'll check out the exact matching MTU size. 
 Thanks LuCar Toni for your valued input.

LuCar Toni · Answer

This is a known issue. See: https://community.sophos.com/sophos-xg-firewall/f/discussions/104507/site-tosite-vpn-cannot-access-xg-on-remote-site-using-normal-4444-port/389685#389685 
 Or use Central SSO Web Access.

XGS Webadmin not loading some pages when connecting over ipsec0

Top Replies

Submitted a Tech Support Case lately from the Support Portal?