Hot!VPN , Outlook, exchange

Author
MarcusI
New Member
  • Total Posts : 14
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/05/22 20:34:04
  • Status: offline
2019/09/24 11:26:15 (permalink)
0

VPN , Outlook, exchange

Hello everyone:

Let's see if you can help me, I have several computers using the Forticlient to access the company's VPN, the connection is established correctly, but as soon as you try to download the messages from Microsoft Outlook through Exchange it does so for a few minutes, then the Outlook itself puts me, after retrying it, disconnected, and does not let me work with the Outlook ...

any ideas ??
 
The connection is simple, mail server (VM) -switch-fortigate-(ISP)Internet

Thank you in advance.
#1

7 Replies Related Threads

    seadave
    Expert Member
    • Total Posts : 346
    • Scores: 50
    • Reward points: 0
    • Joined: 2004/11/03 18:02:09
    • Location: Seattle, WA
    • Status: offline
    Re: VPN , Outlook, exchange 2020/02/13 15:49:40 (permalink)
    0
    Did you figure this out?  We just migrated to 6.0.7 and we are seeing a similar problem.  See this post:
     
    https://forum.fortinet.com/tm.aspx?m=183163
     
    #2
    ede_pfau
    Expert Member
    • Total Posts : 6241
    • Scores: 522
    • Reward points: 0
    • Joined: 2004/03/09 01:20:18
    • Location: Heidelberg, Germany
    • Status: offline
    Re: VPN , Outlook, exchange 2020/02/14 00:00:28 (permalink)
    0
    SSLVPN or IPSec?
    There've been problems with SSL VPN in FOS v6.0.7. Upgrade to v6.0.9 to see if it helps.

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #3
    seadave
    Expert Member
    • Total Posts : 346
    • Scores: 50
    • Reward points: 0
    • Joined: 2004/11/03 18:02:09
    • Location: Seattle, WA
    • Status: offline
    Re: VPN , Outlook, exchange 2020/02/14 10:02:54 (permalink)
    0
    It is SSLVPN.  We have held off of 6.0.9 due to the RDP bug in SSLVPN.  We were on 6.0.5 and experienced a logging delay issue.  Logs were getting dropped or buffered for an excessive amount of time.  Moving to 6.0.7 fixed that, but now we have this issue.  Frustrating.  You think they would QC something as critical as SSLVPN more rigorously.  Release notes don't mention this type of issue so maybe we are the lucky winners of the unique bug.
     
    It is odd.  Everything else works fine, it just seems to be munging Outlook 16 connectivity to our on-Prem Exchange 2016 server.  All DNS and layer 3/Pings check out just fine.  Can still log into OWA just fine.  But the minute I connect via FortiClient VPN it starts logging connectivity issues when Outlook tries to sync.
    #4
    isamt
    New Member
    • Total Posts : 20
    • Scores: 2
    • Reward points: 0
    • Joined: 2017/12/29 01:52:35
    • Status: offline
    Re: VPN , Outlook, exchange 2020/02/17 06:25:15 (permalink)
    0
    I have upgraded to 6.0.9 and seeing this issue with Outlook client discconects for SSL vpn users.
    IPsec Vpn works ok.
     
    Have raised with Fortinet
    #5
    isamt
    New Member
    • Total Posts : 20
    • Scores: 2
    • Reward points: 0
    • Joined: 2017/12/29 01:52:35
    • Status: offline
    Re: VPN , Outlook, exchange 2020/02/19 15:23:04 (permalink)
    0
    Interesting that some users have been issued with a special firmware to fix this issue.
    https://forum.fortinet.com/tm.aspx?m=183163
     
    I have a TAC case open with Fortinet.
    They recognise there is an issue with RDP sessions being removed from the Fortigate whilst the RDP session is still active but have said they are not aware of Outlook connections dropping also when on SSL Vpn.
     
    They want me to run debug when client is connected and provide them with the times when Outlook disconnects.
     
    We upgraded from 5.6.10 to 6.0.9 and have 100's of SSL Vpn users.
    Had no choice but to roll back our Vpn gateway Fortigates as many complaints from users.
     
    Hopefully, this is fixed in 6.0.10 or at least they give me the special fixed firmware.
    #6
    seadave
    Expert Member
    • Total Posts : 346
    • Scores: 50
    • Reward points: 0
    • Joined: 2004/11/03 18:02:09
    • Location: Seattle, WA
    • Status: offline
    Re: VPN , Outlook, exchange 2020/02/19 16:04:16 (permalink)
    0
    Just tell them you want to try build 8661 and see if that works, or perhaps better yet wait a few more weeks for 6.0.10 and monitor these forums to see if that helps.  I remember when we moved from 5.6 to 6 it took lots of conversion work with some of our policies.
     
    Based on:https://support.fortinet.com/Download/FirmwareImages.aspx (Upgrade Path)
     
    If you didn't, you should install 6.0.8 then 6.0.9
     
    I would use the diag debug flow commands I related in my post and look for the "dstintf="unknown-0" msg="no session matched"" events.  That should indicate the problem exists.
    #7
    isamt
    New Member
    • Total Posts : 20
    • Scores: 2
    • Reward points: 0
    • Joined: 2017/12/29 01:52:35
    • Status: offline
    Re: VPN , Outlook, exchange 2020/03/01 02:42:13 (permalink)
    0
    I explained to Fortinet that others with exactly the same problem have been given an interim firmware which appears to resolve the problem.
     
    They said they will give me the same interim firmware to try and to let them know if this fixes my issue, however it comes with the caveat that you cannot roll-back the firmware and with no guarantees that it may introduce other issues.
    If you have hardware that stores previous firmware on alternative partition, you can roll back by booting to the alternative partition, otherwise you have to format and TFTP previous firmware back to the Fortigate.
     
    As this is a production Fortigate i'm not so keen now to apply an interim firmware which Fortigate probably will not offer full support on.
     
    Might be better to wait for 6.0.10
     
    #8
    Jump to:
    © 2020 APG vNext Commercial Version 5.5