Hi,
Not really sure if you are hitting the bug exactly.
For one, the issue is not zone dependent. So, moving to DMZ shouldn't be a fix. Next, I wouldn't expect ALG to modify anything in the SYN-ACK packet.
Do you have any UTM feature enaled on this policy (URL Filtering, DI?) that would trigger TCP-proxy?