Haproxy slow response on 443 port

Help needed.
I have 1 Exchange 2019 behind Haproxy. Everything worked fine before today. Today Outlook became slow and it's a problem of Haproxy, I believe.
In Haproxy logs everything looks fine:

# tail -f /var/log/haproxy.log | grep 192.168.21.90
Aug 14 10:49:37 localhost haproxy[717]: 192.168.21.90:2870 [14/Aug/2024:10:49:37.775] fe_ex2019~ be_ex2019_mapi/exch01 0/0/1/13/14 401 514 - - ---- 41/41/25/25/0 0/0 "POST /mapi/nspi/?MailboxId=5faabed4-11b1-4793-9aec-84578f08cdb7@mydomain.com HTTP/1.1"
Aug 14 10:49:37 localhost haproxy[717]: 192.168.21.90:2870 [14/Aug/2024:10:49:37.790] fe_ex2019~ be_ex2019_mapi/exch01 0/0/0/39/39 200 1235 - - ---- 41/41/25/25/0 0/0 "POST /mapi/nspi/?MailboxId=5faabed4-11b1-4793-9aec-84578f08cdb7@mydomain.com HTTP/1.1"
Aug 14 10:49:37 localhost haproxy[717]: 192.168.21.90:2870 [14/Aug/2024:10:49:37.837] fe_ex2019~ be_ex2019_mapi/exch01 0/0/0/33/34 200 1604 - - ---- 41/41/25/25/0 0/0 "POST /mapi/nspi/?MailboxId=5faabed4-11b1-4793-9aec-84578f08cdb7@mydomain.com HTTP/1.1"
Aug 14 10:49:37 localhost haproxy[717]: 192.168.21.90:2870 [14/Aug/2024:10:49:37.891] fe_ex2019~ be_ex2019_mapi/exch01 0/0/0/30/31 200 1216 - - ---- 41/41/25/25/0 0/0 "POST /mapi/nspi/?MailboxId=5faabed4-11b1-4793-9aec-84578f08cdb7@mydomain.com HTTP/1.1"
Aug 14 10:49:37 localhost haproxy[717]: 192.168.21.90:2870 [14/Aug/2024:10:49:37.928] fe_ex2019~ be_ex2019_mapi/exch01 0/0/0/32/33 200 1604 - - ---- 41/41/25/25/0 0/0 "POST /mapi/nspi/?MailboxId=5faabed4-11b1-4793-9aec-84578f08cdb7@mydomain.com HTTP/1.1"
Aug 14 10:49:38 localhost haproxy[717]: 192.168.21.90:2873 [14/Aug/2024:10:49:38.382] fe_ex2019~ be_ex2019_mapi/exch01 0/0/2/3/5 401 514 - - ---- 41/41/25/25/0 0/0 "POST /mapi/emsmdb/?MailboxId=5faabed4-11b1-4793-9aec-84578f08cdb7@mydomain.com HTTP/1.1"

But in tcpdump I see that Haproxy responds to 443 port with a 5sec delay:

# tcpdump host 192.168.21.90 and port 443 -n
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on ens18, link-type EN10MB (Ethernet), snapshot length 262144 bytes
10:38:15.253295 IP 192.168.21.90.2737 > 192.168.20.37.443: Flags [S], seq 1842537036, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
10:38:15.253331 IP 192.168.20.37.443 > 192.168.21.90.2737: Flags [S.], seq 175281901, ack 1842537037, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
10:38:16.258620 IP 192.168.20.37.443 > 192.168.21.90.2737: Flags [S.], seq 175281901, ack 1842537037, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
10:38:18.274606 IP 192.168.20.37.443 > 192.168.21.90.2737: Flags [S.], seq 175281901, ack 1842537037, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
10:38:19.769188 IP 192.168.20.37.443 > 192.168.21.90.2544: Flags [P.], seq 1584716687:1584716730, ack 195633256, win 501, length 43
10:38:19.810825 IP 192.168.21.90.2544 > 192.168.20.37.443: Flags [.], ack 43, win 1024, length 0
10:38:22.402580 IP 192.168.20.37.443 > 192.168.21.90.2737: Flags [S.], seq 175281901, ack 1842537037, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
10:38:22.402892 IP 192.168.21.90.2737 > 192.168.20.37.443: Flags [.], ack 1, win 1026, options [nop,nop,sack 1 {0:1}], length 0
10:38:23.780456 IP 192.168.20.37.443 > 192.168.21.90.2640: Flags [P.], seq 131916949:131916992, ack 3368509531, win 501, length 43
10:38:23.826849 IP 192.168.21.90.2640 > 192.168.20.37.443: Flags [.], ack 43, win 8209, length 0
10:38:24.592484 IP 192.168.21.90.2737 > 192.168.20.37.443: Flags [P.], seq 1:215, ack 1, win 1026, length 214
10:38:24.592825 IP 192.168.20.37.443 > 192.168.21.90.2737: Flags [P.], seq 1:142, ack 215, win 501, length 141
10:38:24.593895 IP 192.168.21.90.2737 > 192.168.20.37.443: Flags [P.], seq 215:266, ack 142, win 1026, length 51
10:38:24.634614 IP 192.168.20.37.443 > 192.168.21.90.2737: Flags [.], ack 266, win 501, length 0

ICMP from PC 192.168.21.90 to mailserver 192.168.20.37 also works fine without delays. So I think the problem is in Haproxy.
How can I resolve it?
Appreciate any help.

Your kernel does the TCP 3 way handshake, not haproxy.

Looking at the tcpdump I come to the opposite conclusion:

192.168.20.37 responds within 0,04 ms or 0,00004 seconds, but 192.168.21.90 does not respond back.

Your problems are probably middleware/firewall related.

Wow. Missed it. Thank you, I will check it next time the error appears.
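
The reading of the capture given in the reply above, as an added example that is not part of the original thread: this Python sketch times each TCP three-way handshake in tcpdump text and counts SYN-ACK retransmissions. The function name and report keys are made up for this example; the sample lines are the client-port-2737 lines from the question.

```python
import re
from datetime import datetime, timedelta

# Client port 2737 only, copied from the tcpdump output in the question.
CAPTURE = """\
10:38:15.253295 IP 192.168.21.90.2737 > 192.168.20.37.443: Flags [S], seq 1842537036, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
10:38:15.253331 IP 192.168.20.37.443 > 192.168.21.90.2737: Flags [S.], seq 175281901, ack 1842537037, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
10:38:16.258620 IP 192.168.20.37.443 > 192.168.21.90.2737: Flags [S.], seq 175281901, ack 1842537037, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
10:38:18.274606 IP 192.168.20.37.443 > 192.168.21.90.2737: Flags [S.], seq 175281901, ack 1842537037, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
10:38:22.402580 IP 192.168.20.37.443 > 192.168.21.90.2737: Flags [S.], seq 175281901, ack 1842537037, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
10:38:22.402892 IP 192.168.21.90.2737 > 192.168.20.37.443: Flags [.], ack 1, win 1026, options [nop,nop,sack 1 {0:1}], length 0
"""

LINE = re.compile(r"(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+): Flags \[([^\]]+)\]")

def handshake_report(text):
    """Time each TCP three-way handshake and count SYN-ACK retransmissions."""
    flows = {}  # (client, server) -> timestamps of SYN, SYN-ACKs, first ACK
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # tcpdump header lines, non-TCP lines
        ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        src, dst, flags = m.group(2), m.group(3), m.group(4)
        if flags == "S":  # client SYN opens a flow
            flows[(src, dst)] = {"syn": ts, "synacks": [], "ack": None}
        elif flags == "S.":  # first SYN-ACK and every retransmission of it
            if (dst, src) in flows:
                flows[(dst, src)]["synacks"].append(ts)
        elif (src, dst) in flows:
            f = flows[(src, dst)]
            if f["synacks"] and f["ack"] is None:
                f["ack"] = ts  # first client segment after a SYN-ACK
    report = {}
    for key, f in flows.items():
        if not f["synacks"]:
            continue  # server never answered within this capture
        first = f["synacks"][0]
        report[key] = {
            "server_synack_us": (first - f["syn"]) // timedelta(microseconds=1),
            "synack_retransmits": len(f["synacks"]) - 1,
            "client_ack_delay_s": (f["ack"] - first).total_seconds() if f["ack"] else None,
        }
    return report

if __name__ == "__main__":
    for (client, server), r in handshake_report(CAPTURE).items():
        print(client, "->", server, r)
```

A SYN-ACK sent within microseconds, followed by retransmissions and a late client ACK, places the delay on the client or the network path rather than on the host running HAProxy.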