Hello,

we have a weird case with asa 5525 - No URL filter in place. 

When trying to access github.com from any computer from the inside network by using Mozilla or Firefox or SSH command from linux server  - it fails. But works fine over IE with no issues. 

There are no browser issues as when rerouting traffic bypass the firewall - all works fine.  

Also, there is no DENY events in the logs as I can see that traffic going in and out.

On Client side I did a pcap and this is how it looks like:

2303151	249134.647628	192.168.30.30	192.30.255.113	TCP	55	[TCP Keep-Alive] 51064 → 443 [ACK] Seq=517 Ack=1 Win=262144 Len=1

2303152	249134.647970   192.30.255.113	192.168.30.30	TCP	60	[TCP Keep-Alive ACK] 443 → 51064 [ACK] Seq=1 Ack=518 Win=66048 Len=0

2306166	249154.668824	192.168.30.30  192.30.255.113	TCP	55	[TCP Keep-Alive] 51064 → 443 [ACK] Seq=517 Ack=1 Win=262144 Len=1

and so on. 
My question is - why it is working only on IE but not on Chrome/Firefox based browsers?
When I doing a "Package trace" it is showing that everything is perfect and packages going through from inside port to outside and nothing is blocking it.

The diagram is as follow:
PC => Switch L2 => Switch L3 ( 0.0.0.0 to 192.168.1.2 FW ) => ASA 5525 => Switch L2 => ISP = Fail

When removing Firewall - diagram looks like this:
PC => Switch L2 => Switch L3 => Switch L2 => ISP = Pass

Everything is pointing to firewall :|
What else should I check/ try ? We do not have access over SSH - only ASDM.