SSL VPN problems in FortiOS 6.2.0

Author
atltechpro
2019/05/23 06:55:54


Since updating to 6.2.0 I am having problems with what was a very stable SSL VPN.  The VPN stays connected but client sessions disconnect or freeze.  Outlook / Exchange is constantly disconnecting and reconnecting and file shares are experiencing the same type of problem.  The interfaces are running clean and packet captures show that the communications between the client and server just stop and eventually time out.  On the FortiClient side I have tried v5.4 up to current 6.2 with and without DTLS enabled with no joy.  I am aware of the known issue with SSL VPN and RDP #495522 and wondering if it's affecting more than just RDP sessions.  Ideas, anyone else experiencing SSL VPN problems with 6.2?
 
Thanks
#1
jcrous
Re: SSL VPN problems in FortiOS 6.2.0 2019/08/19 08:03:24
Having very similar issues on 6.2.1 since upgrade.  Multiple calls with Support have found no resolution.
 
Outlook/Exchange connectivity is sporadic, if we get a connection at all.   Windows share drive disconnects and slowness/disconnects reported on our EMR.
 
Has any solution been presented to this issue?
#2
skhan169
Re: SSL VPN problems in FortiOS 6.2.0 2019/10/30 06:54:11
We've been having the same issues since upgrading to 6.2.1 this past July. The behavior has been very inconsistent, and difficult to reproduce for troubleshooting. But the issues are the same when they occur. Outlook frequently disconnects, and file shares drop, or run very slowly.
 
Haven't been able to find any info on this. If anyone out there has heard anything, it would be wonderful. 
#3
zuka
Re: SSL VPN problems in FortiOS 6.2.0 2019/11/14 10:38:39
Hi, we implemented a Fortigate 3 months ago with version 6.2. We have been trying to solve this problem for two months; we still have a case with support, but we continue to have problems.
We have done the following:
Changed the MTU size in the affected rules for the VPN.
We applied "set preserve-session-route".
We disabled DTLS.
We tested different versions of FortiClient (6.0, 6.2, 6.2.2), including the FortiClient from the Windows Store.
But nothing solved the problem; the Fortinet SSL VPN is very unstable, and applications like RDP and SAP drop frequently.

Regards,
 
Andres.
#4
bstevens
Re: SSL VPN problems in FortiOS 6.2.0 2019/11/25 07:07:05
This is a problem for one of my customers as well.  Just upgraded from 5.6 to 6.2.2 and they are having the same issues described here.  Opened a ticket with Fortinet support.  I will update if they have any useful information.
 
Edit: Support verified it is a bug in 6.2.1 and 6.2.2, however they did not acknowledge 6.2.0 to be a problem.   I rolled back to 6.2.0 and verified it is a problem on that version as well.   Since I know it worked last on 5.6.6, I downgraded and restored to 5.6.6.    I was told it was scheduled to be fixed in upcoming 6.2.3 and 6.4.0.  Hope this helps the next person who finds this all out the hard way.
 
 
post edited by bstevens - 2019/11/25 15:42:34
#5
kelderek
Re: SSL VPN problems in FortiOS 6.2.0 2019/12/04 14:28:50
Our managed security services provider was in the office today and we were talking about my SSL VPN problems and we figured out how to make it work!
Here is the original ssl.root config:

config system interface
    edit "ssl.root"
        set vdom "root"
        set ip 169.254.1.1 255.255.255.255
        set status down
        set type tunnel
        set alias "SSL VPN interface"
        set fortiheartbeat enable
        set snmp-index 7
    next
end

We first tried setting the IP to the WAN IP, but it didn't work.  We then checked another Fortigate with an older firmware version but that had a working SSL VPN setup.  It didn't have any IP or status lines for the ssl.root interface, so we tried unsetting the IP and status, but the fortiheartbeat required an IP, so I had to run the following commands:

conf sys int
edit ssl.root
unset ip
unset status
unset fortiheartbeat
end

After that, it worked!  Here is what the ssl.root config looked like after:

config system interface
    edit "ssl.root"
        set vdom "root"
        set type tunnel
        set alias "SSL VPN interface"
        set snmp-index 7
    next
end

I called Fortinet and they said fortiheartbeat is an enterprise feature used for telemetry and network access control, and it was safe to disable it with those commands I ran.  Hopefully this helps you, too! :)
 
#6
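
One way to check a saved configuration backup for the three ssl.root settings that the post above unset (ip, status, fortiheartbeat). This is an added example, not part of the thread and not Fortinet tooling; the function names are hypothetical and the sample block is the "before" config copied from the post.

```python
# Settings the poster unset on ssl.root (names taken from the post above).
FLAGGED = ("ip", "status", "fortiheartbeat")

# ssl.root block as posted before the change (copied from the post).
BEFORE = """\
config system interface
    edit "ssl.root"
        set vdom "root"
        set ip 169.254.1.1 255.255.255.255
        set status down
        set type tunnel
        set alias "SSL VPN interface"
        set fortiheartbeat enable
        set snmp-index 7
    next
end
"""

def parse_interfaces(config_text):
    """Map interface name -> {setting: value} for 'config system interface'."""
    interfaces, current = {}, None
    in_section, nested = False, 0
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if not in_section:
            in_section = words == ["config", "system", "interface"]
        elif words[0] == "config":
            nested += 1              # sub-table inside an interface entry
        elif words[0] == "end":
            in_section = nested > 0  # outermost 'end' closes the section
            nested = max(nested - 1, 0)
        elif nested:
            continue                 # ignore lines inside sub-tables
        elif words[0] == "edit" and len(words) > 1:
            current = interfaces.setdefault(words[1].strip('"'), {})
        elif words[0] == "next":
            current = None
        elif words[0] == "set" and len(words) > 1 and current is not None:
            current[words[1]] = " ".join(words[2:]).strip('"')
    return interfaces

def flagged_settings(config_text, interface="ssl.root"):
    """Return the FLAGGED settings still present on the given interface."""
    settings = parse_interfaces(config_text).get(interface, {})
    return {key: settings[key] for key in FLAGGED if key in settings}

if __name__ == "__main__":
    print(flagged_settings(BEFORE))
```

An empty result for ssl.root means the interface block already matches the "after" config shown in the post.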