I've got a tough question here. Let me first explain the infrastructure in which it occurs.
Some of our clients operate with environments which utilise proxy servers, so access to our sites is done via the proxy. They come through our DMZ and firewall to an NLB cluster which hosts an array of web servers.
Roughly once every six months, the setup develops a fault which only affects our clients using proxy servers.
When the fault happens, if a request from the proxy site is, at the TCP/IP level, short enough to be transmitted within a single network packet, then an NLB node will receive the request and serve the response as requested.
If the request is longer than that which can be transmitted in a single network packet, none of the NLB nodes accept the 2nd packet and the request never reaches IIS.
When the fault occurs, it affects all of the NLB nodes. But whilst the fault is occurring, any site not behind a proxy can continue to use the site without fault.
Restarting the firewall fixes the issue, but we've been through the process with the manufacturer, running several traces, and can see the firewall is behaving as expected.
Any thoughts would be much appreciated.