We have recently seen an increasing amount of drops due to "TCP segment out of maximum allowed sequence."
After contact with support we are provided sk66576.
The issue is thus related to tcp window size and the firewall will drop a session after not seeing the expected ACK after 16384 bytes by default.
The recommendation as per the SK is to gradually increase this until the drops disappear or the security gateway gets low on memory.
However, after some analysis it seems that the involved sources and destinations are all related to Office365 for users https connections and Microsoft Exchange Online Protection for SMTP.
Are we the only ones seeing this issues? Did Microsoft update their services to use more aggressive settings?
Any insight or shared experience will be greatly appreciated.