<div>
So the issue turned out to be that prior to entering the VPN tunnel PAN traffic had egressed &nbsp;another PAN. BUT the return traffic to the original sender of the SYN took a route that bypassed the first PAN. SO there were syn-syn-ack-ack sequences but TLS at the server was perceiving something was not right about the packet integrity. Monitoring in the PAN before Tunnel PAN did did not see the traffic because it was set to log at the END of a session. If I had run a packet capture on that PAN I would have seen the one way traffic and figured this out sooner. Not seeing the traffic in Monitoring convinced me early on that the traffic was not passing through that device.
</div>


So the issue turned out to be that prior to entering the VPN tunnel PAN traffic had egressed  another PAN. BUT the return traffic to the original sender of the SYN took a route that bypassed the first PAN. SO there were syn-syn-ack-ack sequences but TLS at the server was perceiving something was not right about the packet integrity. Monitoring in the PAN before Tunnel PAN did did not see the traffic because it was set to log at the END of a session. If I had run a packet capture on that PAN I would have seen the one way traffic and figured this out sooner. Not seeing the traffic in Monitoring convinced me early on that the traffic was not passing through that device.

<div>
<div class="content wysiwyg-content">
<a href="https://filedb.experts-exchange.com/incoming/2017/04_w16/1157629/ScrnGrab1275-170419-17.29.jpg" target="_blank" title="PAN Monitor - note the application is incomplete also (19 KB)"><img alt="PAN Monitor - note the application is incomplete also" class="file-block lazyload" style="max-width: 800px;" data-src="https://filedb.experts-exchange.com/incoming/2017/04_w16/800_1157629/ScrnGrab1275-170419-17.29.jpg" /></a>I have some clients who are failing to access a server via SSL. On the PAN firewall the reason for the end of all sessions is TCP-RST-from-server. The clients that success get tcp-rst-from-client - several before later getting from server. Is there a way at the remote Windows server to troubleshoot why it would be sending TCP resets?
</div>
</div>


PAN Monitor - note the application is incomplete also

ScrnGrab1275-170419-17.29.jpg

I have some clients who are failing to access a server via SSL. On the PAN firewall the reason for the end of all sessions is TCP-RST-from-server. The clients that success get tcp-rst-from-client - several before later getting from server. Is there a way at the remote Windows server to troubleshoot why it would be sending TCP resets?

TCP Reset from Server

Palo Alto Networks

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.

Windows OS

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

SSL / HTTPS

Transmission Control Protocol/Internet Protocol (TCP/IP) is the set of networking protocols that define end-to-end connectivity specifying how data should be packeted, addressed, transmitted, routed and received at the destination. This functionality is organized into four abstraction layers which are used to sort all related protocols according to the scope of networking involved.