Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
atltechpro
New Contributor

SSL VPN problems in FortiOS 6.2.0

Since updating to 6.2.0 I am having problems with was a very stable SSL VPN.  The VPN stays connected but client sessions disconnects or freezes.  Outlook / Exchange is constantly disconnecting and reconnecting and file shares are experiencing the same type of problem.  The interfaces are running clean and packet captures show that the communications between the client and server just stops and eventually times out.  On the FortiClient side I have tried v5.4 up to current 6.2 with and without DTLS enabled with no joy.  I am aware of the know issue with SSL VPN and RDP #495522 and wondering if it's affecting more than just RDP sessions.  Ideas, anyone else experiencing SSL VPN problems with 6.2?

 

Thanks

10 REPLIES 10
jcrous
New Contributor

Having very similar issues on 6.2.1 since upgrade.  Multiple calls with Support have found no resolve.  

 

Outlook/Exchange connectivity is sporadic, if we get a connection at all.   Windows share drive disconnects and slowness/disconnects reported on our EMR.

 

Has any solution been presented to this issue?

skhan169

We've been having the same issues since upgrading to 6.2.1 this past July. The behavior has been very inconsistent, and difficult to reproduce for troubleshooting. But the issues are the same when the occur. Outlook frequently disconnects, and file shares drop, or run very slowly.

 

Haven't been able to find any info on this. If anyone out there has heard anything, it would be wonderful. 

zuka
New Contributor

Hi, we have been implemented Fortigate 3 months ago with 6.2 version. Since two months ago that we are trying to solve this problem, still we have an case in support but we continued with problems. We have been did the folowing: Change MTU size in affected rules to the vpn. we applied "set preserve-session-route" we disabled dtls we tested differents versions of forticlient, 6.0, 6.2 6.2.2 including the forticlient of Windows Store. But nothing solve the problem, the VPN SSL of Fortinet is very unstable, the applications like RDP, SAP, fall frecuently. Regards,

 

Andres.

bstevens
New Contributor II

This is a problem for one of my customers as well.  Just upgraded from 5.6 to 6.2.2 and they are having the same issues described here.  Opened a ticket with Fortinet support.  I will update if they have any useful information.

 

Edit: Support verified it is a bug in 6.2.1 and 6.2.2, however they did not acknowledge 6.2.0 to be a problem.   I rolled back to 6.2.0 and verified it is a problem on that version as well.   Since I know it worked last on 5.6.6, I downgraded and restored to 5.6.6.    I was told it was scheduled to be fixed in upcoming 6.2.3 and 6.4.0.  Hope this helps the next person who finds this all out the hard way.

 

 

kelderek

Our managed security services provider was in the office today and we were talking about my SSL VPN problems and we figured out how to make it work! Here is the original ssl.root config: config system interface     edit "ssl.root"         set vdom "root"         set ip 169.254.1.1 255.255.255.255         set status down         set type tunnel         set alias "SSL VPN interface"         set fortiheartbeat enable         set snmp-index 7     next end We first tried setting the IP to the WAN IP, but it didn't work.  We then checked another Fortigate with an older firmware version but that had a working SSL VPN setup.  It didn't have any IP or status lines for the ssl.root interface, so we tried unsetting the IP and status, but the fortiheartbeat required an IP, so I had to run the following commands: conf sys int edit ssl.root unset ip unset status unset fortiheartbeat end After that, it worked!  Here is what the ssl.root config looked like after: config system interface     edit "ssl.root"         set vdom "root"         set type tunnel         set alias "SSL VPN interface"         set snmp-index 7     next end I called Fortinet and they said fortiheartbeat is an enterprise feature used for telemetry and network access control, and it was safe to disable it with those commands I ran.  Hopefully this helps you, too! :)

 

ZANOOB

Hello kelderek,

 

During the time of client disconnection of SSL VPN , on the firewall did you see the message as "Lost the connection"

kelderek

Sorry ZANOOB, I don't remember for sure, but I don't think we got that message.  As I remember, it stayed connected but didn't actually route/forward any of the incoming traffic.

peterse

Latest 6.2.4 fixed the bug of unstable RDP, but it has another bugs, which make it unusable in production use... Don't upgrade yet.

jy109
New Contributor

ZANOOB wrote:

Hello kelderek,

 

During the time of client disconnection of SSL VPN , on the firewall did you see the message as "Lost the connection"

Hi ZANOOB, I got the VPN similar issue with "Lost the connection" message from the VPN log, do you have any suggestion to solve this? thanks

Labels
Top Kudoed Authors