Hot!SSLVPN and RDP disconnects

Author
Spidler
New Member
  • Total Posts : 15
  • Scores: 0
  • Reward points: 0
  • Joined: 2014/08/01 06:13:26
  • Status: offline
2020/03/13 04:03:46 (permalink)
0

SSLVPN and RDP disconnects

Hey folks,
 
Ever since upgrading my 200D to 6.0.5 (now 6.0.9) when using the FC to connect to the SSL VPN, I have constant disconnects with Outlook and RDP sessions. Pings never fail or timeout, but I get disconnected from my RDP sessions every minute or so, making it completely unusable.
I have a ticket open with support, but honestly, they seem to be dragging their feet. Anyone else seen this behavior and figured out a solution? I have 150 users about to be forced to WFH and this is completely unacceptable. The only work-around I've found is using an IPSEC connection, but that's not realistic. 
#1

12 Replies Related Threads

    Toshi Esumi
    Expert Member
    • Total Posts : 2031
    • Scores: 186
    • Reward points: 0
    • Joined: 2014/11/06 09:56:42
    • Status: offline
    Re: SSLVPN and RDP disconnects 2020/03/13 08:52:33 (permalink)
    0
    At least 6.0.9 has a known issue with drops over ssl vpn, which I posted on this forum about a month ago. They (TAC) said it would be fixed in 6.0.10. However, our case might be different because we didn't have the RDP disconnect over SSL VPN (dropped almost everytime a user tried to RDP into a server after SSL VPN came up) problem with 6.0.6.
    #2
    Spidler
    New Member
    • Total Posts : 15
    • Scores: 0
    • Reward points: 0
    • Joined: 2014/08/01 06:13:26
    • Status: offline
    Re: SSLVPN and RDP disconnects 2020/03/13 09:16:26 (permalink)
    0
    I spoke to an engineer this morning and they've slipped me a pre-GA copy of 6.0.10 to try out.
    I'll be installing it tomorrow morning, so I'll report back then as to the results.
    #3
    Bitman
    New Member
    • Total Posts : 7
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/01/23 11:55:55
    • Status: offline
    Re: SSLVPN and RDP disconnects 2020/03/13 11:15:22 (permalink)
    0
    Hey Spidler,
    Found this thread while searching for a similar issue. We too are sometimes experiencing RDP freeze and disconnections at 5-10 min interval. FC connection is stable, no disconnect, ping is good. Our Fortigate model is 80E on 6.0.7.
    This is not always happening. I sometimes experience this behavior when connecting at night. Another user reported having the issue this morning, but this afternoon everything runs smoothly.
    I found this KB ( https://kb.fortinet.com/kb/documentLink.do?externalID=FD46182) which describe a similar problem, but It does not apply to our setup.
     
    I will wait for your report on your test result with 6.0.10.
    #4
    shsheikh
    New Member
    • Total Posts : 5
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/03/14 18:34:34
    • Status: offline
    Re: SSLVPN and RDP disconnects 2020/03/15 10:56:59 (permalink)
    0
    They specifically mention SSLVPN + RDP, but we've noticed it happens with other programs, like Dynamics NAV and our RDS environment (which, I know, is basically RDP).
     
    Luckily after some split-brain DNS implementation, we can point SSLVPN users to the public RemoteApp farm address and thus bypass the SSLVPN for that traffic. NAV still disconnects, but we put it in as a RemoteApp so users can launch that if they need to work remotely.
     
    It's a pretty big bug, imo, made worse by the current WfH push and I'm surprised it hasn't been quickly patched.
    post edited by shsheikh - 2020/03/15 11:26:24
    #5
    Spidler
    New Member
    • Total Posts : 15
    • Scores: 0
    • Reward points: 0
    • Joined: 2014/08/01 06:13:26
    • Status: offline
    Re: SSLVPN and RDP disconnects 2020/03/15 11:03:39 (permalink)
    0
    I updated the fw on Saturday morning.
    I've had zero issues in the last 30 hours. More importantly, no disconnects of authenticated traffic - https, mapi, rdp, etc. It solved our issues, but I hate running an interim build on what is essentially the brain stem of my network.
    #6
    shsheikh
    New Member
    • Total Posts : 5
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/03/14 18:34:34
    • Status: offline
    Re: SSLVPN and RDP disconnects 2020/03/15 11:51:17 (permalink)
    0
    That's encouraging news! I don't think I could get us to run pre-release software, but if things take off, it's possible.
     
    Did the session drop issue occur just over SSLVPN? We are in the middle of migrating more services to FortiGate, and currently routing and firewalling between segments is handled by another device. If we switch and still run 6.0.9, is there a chance sessions would be dropped even internally, or have you only seen it hit SSLVPN users?
    post edited by shsheikh - 2020/03/16 09:15:34
    #7
    Spidler
    New Member
    • Total Posts : 15
    • Scores: 0
    • Reward points: 0
    • Joined: 2014/08/01 06:13:26
    • Status: offline
    Re: SSLVPN and RDP disconnects 2020/03/16 04:01:13 (permalink)
    0
    The drop-outs ONLY occurred when using the Forticlient for an SSL VPN connection. I tried with a quick IPSEC tunnel I built out and that was stable with no disconnects. We use ther 200D to terminate our site-to-site MPLS and IPSEC backup VPN tunnels and haven't had any issues with connectivity. The only problem was the SSLVPN connections.
    #8
    mrgv
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Status: offline
    Re: SSLVPN and RDP disconnects 2020/03/18 15:45:06 (permalink)
    0
    Hello Spidler,
     
    Is build8661, the pre-GA copy of 6.0.10 that TAC gave you? We are about to deploy a 400E and we are looking for the best option that could give us reliable RDP connectivity over SSL VPN.
    #9
    Spidler
    New Member
    • Total Posts : 15
    • Scores: 0
    • Reward points: 0
    • Joined: 2014/08/01 06:13:26
    • Status: offline
    Re: SSLVPN and RDP disconnects 2020/03/19 05:21:21 (permalink)
    0
    Actually, no. I got this build:
    FGT_200D-v6-build0358-FORTINET
     
    On my 200D it shows as:
    v6.0.0 build0358 (interim)
     
    Which is, of course, wildly inaccurate in terms of how it displays it's version and build. The 6.0.0 weirded me out a bit, but seeing as how 6.0.9 is build0335, I feel ok with that discrepancy  
    #10
    mrgv
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Status: offline
    Re: SSLVPN and RDP disconnects 2020/03/19 07:16:06 (permalink)
    0
    Thank you Spidler! We'll post something on our experience.
    #11
    scoopster
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/03/23 03:13:17
    • Status: offline
    Re: SSLVPN and RDP disconnects 2020/03/23 03:34:25 (permalink)
    0
    We are hitting this issue too, we're running 1500D.
     
    Call logged with support who provided 6.0.9 build 8661 (GA) as an interim. Unfortunately this doesn't appeared to have resolved our issue. Symptoms not only seem to be effecting RDP but all traffic getting dropped (DNS/ICMP). VPN disconnects/reconnects doesn't instantly resolve.
     
    In most cases after 10 minutes or so the users reconnect VPN and traffic springs to life.
    #12
    tdragon
    New Member
    • Total Posts : 4
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/03/28 00:07:21
    • Status: offline
    Re: SSLVPN and RDP disconnects 2020/03/28 00:27:45 (permalink)
    0
    Hi ,
    Can u kindly explain the kindly of connectivity you have arrange for the WFH people to connect to your network.
     
    SSLVPN--->RDP(only) or SSLVPN-->into company network
     
    We have fg 300 in our location .. but  we have designed SSLVPN user to connect only to RDP PC ..
    We also divided and limited number of user per VPN user GROUP as 10.
     
    total number of RDP pc or 85 and total number of VPN users are close to 100.
     
    Our fg 300 cpu uses 4% and spike to 30%, if any configuration change is made at that time.at rest ofthe time iit is around 4%.
    where the memory usage is 65% to 69% at constant.
     
    you may face VPN disconnection  at the time of configuring vpn user and placing those config to SSL VPN setting -->Authentication/Portal Mapping area.
    BUT rest of the time the VPN will work fine.
    WHAT kindly of VPN client you have installed at you end device.
    we have installed forticlient (complete solution supporting av,vpn and application filter).
     
     
     
     
     
    #13
    Jump to:
    © 2020 APG vNext Commercial Version 5.5