Have a vanilla NAT config on a 60e with firmware 5.6.6 running some Windows servers at a data center. I have my own IP blocks. Everything in the firewall is disabled or on monitor / log only. Have basic VIP's and policies setup, and everything appears to work except this one issue where some IE 11 sessions go dead eventually. Nat is configured to allow the IP to be seen (NAT enabled only on outgoing policy), because I had issues with Bitvise SSH server's IP blocking functionality if I enabled two way NAT. I'm thinking this NAT/No-Nat configuration is my issue, but everything works normally, except this intermittent issue with IE 11 clients. NAT is setup as static with a route to the gateway, and as noted it is enabled only on outgoing policies as to not intefere with Bitvise.

So my client has an auto-refreshing Ajax code and has some users on IE 11 (not by choice), about once every week or two the session dies and then repeatedly tries to re-login automatically (due to their code). There is a zero length response being sent verified by the web logs, which is why I assume the session is dead. Eventually, the problem user/client either logs back in successfully and it works for another week or two, and then the issue recurs again.

Would anyone suggest that I leave my config in NAT mode and try Firmware Updates, or just give up and try Transparent mode + firmware updates?

I'm really wanting to solve this issue in one round, they are extremely sensitive to downtime and maintenance windows are short.