Symptoms
During the orderly closure of a SecureNAT client TCP connection in a Microsoft Forefront Threat Management Gateway (TMG) 2010 environment, TMG may drop the final acknowledgement (FIN ACK) of the connection closure handshake.
This could lead to re-transmissions of the final FIN ACK packet, and these re-transmissions can lead to application delays, depending on the behavior of the application.
Cause
This issue occurs because of a handling bug in the Firewall Engine driver for TMG.
Resolution
To resolve this issue, install the software update that is described in the following Microsoft Knowledge Base article:
2517957 Software Update 1 Rollup 4 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 1
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
References
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
