Helpful ReplyHot!SSLVPN and RDP disconnects

Page: 12 > Showing page 1 of 2
Author
Spidler
New Member
  • Total Posts : 19
  • Scores: 0
  • Reward points: 0
  • Joined: 2014/08/01 06:13:26
  • Status: offline
2020/03/13 04:03:46 (permalink)
0

SSLVPN and RDP disconnects

Hey folks,
 
Ever since upgrading my 200D to 6.0.5 (now 6.0.9) when using the FC to connect to the SSL VPN, I have constant disconnects with Outlook and RDP sessions. Pings never fail or timeout, but I get disconnected from my RDP sessions every minute or so, making it completely unusable.
I have a ticket open with support, but honestly, they seem to be dragging their feet. Anyone else seen this behavior and figured out a solution? I have 150 users about to be forced to WFH and this is completely unacceptable. The only work-around I've found is using an IPSEC connection, but that's not realistic. 
#1
Toshi Esumi
Expert Member
  • Total Posts : 2526
  • Scores: 241
  • Reward points: 0
  • Joined: 2014/11/06 09:56:42
  • Status: offline
Re: SSLVPN and RDP disconnects 2020/03/13 08:52:33 (permalink)
0
At least 6.0.9 has a known issue with drops over ssl vpn, which I posted on this forum about a month ago. They (TAC) said it would be fixed in 6.0.10. However, our case might be different because we didn't have the RDP disconnect over SSL VPN (dropped almost everytime a user tried to RDP into a server after SSL VPN came up) problem with 6.0.6.
#2
Spidler
New Member
  • Total Posts : 19
  • Scores: 0
  • Reward points: 0
  • Joined: 2014/08/01 06:13:26
  • Status: offline
Re: SSLVPN and RDP disconnects 2020/03/13 09:16:26 (permalink)
0
I spoke to an engineer this morning and they've slipped me a pre-GA copy of 6.0.10 to try out.
I'll be installing it tomorrow morning, so I'll report back then as to the results.
#3
Bitman
New Member
  • Total Posts : 7
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/01/23 11:55:55
  • Status: offline
Re: SSLVPN and RDP disconnects 2020/03/13 11:15:22 (permalink)
0
Hey Spidler,
Found this thread while searching for a similar issue. We too are sometimes experiencing RDP freeze and disconnections at 5-10 min interval. FC connection is stable, no disconnect, ping is good. Our Fortigate model is 80E on 6.0.7.
This is not always happening. I sometimes experience this behavior when connecting at night. Another user reported having the issue this morning, but this afternoon everything runs smoothly.
I found this KB ( https://kb.fortinet.com/kb/documentLink.do?externalID=FD46182) which describe a similar problem, but It does not apply to our setup.
 
I will wait for your report on your test result with 6.0.10.
#4
shsheikh
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/03/14 18:34:34
  • Status: offline
Re: SSLVPN and RDP disconnects 2020/03/15 10:56:59 (permalink)
0
They specifically mention SSLVPN + RDP, but we've noticed it happens with other programs, like Dynamics NAV and our RDS environment (which, I know, is basically RDP).
 
Luckily after some split-brain DNS implementation, we can point SSLVPN users to the public RemoteApp farm address and thus bypass the SSLVPN for that traffic. NAV still disconnects, but we put it in as a RemoteApp so users can launch that if they need to work remotely.
 
It's a pretty big bug, imo, made worse by the current WfH push and I'm surprised it hasn't been quickly patched.
post edited by shsheikh - 2020/03/15 11:26:24
#5
Spidler
New Member
  • Total Posts : 19
  • Scores: 0
  • Reward points: 0
  • Joined: 2014/08/01 06:13:26
  • Status: offline
Re: SSLVPN and RDP disconnects 2020/03/15 11:03:39 (permalink) ☄ Helpfulby Brons2 2021/02/03 12:56:29
0
I updated the fw on Saturday morning.
I've had zero issues in the last 30 hours. More importantly, no disconnects of authenticated traffic - https, mapi, rdp, etc. It solved our issues, but I hate running an interim build on what is essentially the brain stem of my network.
#6
shsheikh
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/03/14 18:34:34
  • Status: offline
Re: SSLVPN and RDP disconnects 2020/03/15 11:51:17 (permalink)
0
That's encouraging news! I don't think I could get us to run pre-release software, but if things take off, it's possible.
 
Did the session drop issue occur just over SSLVPN? We are in the middle of migrating more services to FortiGate, and currently routing and firewalling between segments is handled by another device. If we switch and still run 6.0.9, is there a chance sessions would be dropped even internally, or have you only seen it hit SSLVPN users?
post edited by shsheikh - 2020/03/16 09:15:34
#7
Spidler
New Member
  • Total Posts : 19
  • Scores: 0
  • Reward points: 0
  • Joined: 2014/08/01 06:13:26
  • Status: offline
Re: SSLVPN and RDP disconnects 2020/03/16 04:01:13 (permalink)
0
The drop-outs ONLY occurred when using the Forticlient for an SSL VPN connection. I tried with a quick IPSEC tunnel I built out and that was stable with no disconnects. We use ther 200D to terminate our site-to-site MPLS and IPSEC backup VPN tunnels and haven't had any issues with connectivity. The only problem was the SSLVPN connections.
#8
mrgv
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Status: offline
Re: SSLVPN and RDP disconnects 2020/03/18 15:45:06 (permalink)
0
Hello Spidler,
 
Is build8661, the pre-GA copy of 6.0.10 that TAC gave you? We are about to deploy a 400E and we are looking for the best option that could give us reliable RDP connectivity over SSL VPN.
#9
Spidler
New Member
  • Total Posts : 19
  • Scores: 0
  • Reward points: 0
  • Joined: 2014/08/01 06:13:26
  • Status: offline
Re: SSLVPN and RDP disconnects 2020/03/19 05:21:21 (permalink)
0
Actually, no. I got this build:
FGT_200D-v6-build0358-FORTINET
 
On my 200D it shows as:
v6.0.0 build0358 (interim)
 
Which is, of course, wildly inaccurate in terms of how it displays it's version and build. The 6.0.0 weirded me out a bit, but seeing as how 6.0.9 is build0335, I feel ok with that discrepancy  
#10
mrgv
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Status: offline
Re: SSLVPN and RDP disconnects 2020/03/19 07:16:06 (permalink)
0
Thank you Spidler! We'll post something on our experience.
#11
scoopster
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/03/23 03:13:17
  • Status: offline
Re: SSLVPN and RDP disconnects 2020/03/23 03:34:25 (permalink)
0
We are hitting this issue too, we're running 1500D.
 
Call logged with support who provided 6.0.9 build 8661 (GA) as an interim. Unfortunately this doesn't appeared to have resolved our issue. Symptoms not only seem to be effecting RDP but all traffic getting dropped (DNS/ICMP). VPN disconnects/reconnects doesn't instantly resolve.
 
In most cases after 10 minutes or so the users reconnect VPN and traffic springs to life.
#12
tdragon
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/03/28 00:07:21
  • Status: offline
Re: SSLVPN and RDP disconnects 2020/03/28 00:27:45 (permalink)
0
Hi ,
Can u kindly explain the kindly of connectivity you have arrange for the WFH people to connect to your network.
 
SSLVPN--->RDP(only) or SSLVPN-->into company network
 
We have fg 300 in our location .. but  we have designed SSLVPN user to connect only to RDP PC ..
We also divided and limited number of user per VPN user GROUP as 10.
 
total number of RDP pc or 85 and total number of VPN users are close to 100.
 
Our fg 300 cpu uses 4% and spike to 30%, if any configuration change is made at that time.at rest ofthe time iit is around 4%.
where the memory usage is 65% to 69% at constant.
 
you may face VPN disconnection  at the time of configuring vpn user and placing those config to SSL VPN setting -->Authentication/Portal Mapping area.
BUT rest of the time the VPN will work fine.
WHAT kindly of VPN client you have installed at you end device.
we have installed forticlient (complete solution supporting av,vpn and application filter).
 
 
 
 
 
#13
estebanpm
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/04/18 12:23:24
  • Status: offline
Re: SSLVPN and RDP disconnects 2020/04/18 12:33:13 (permalink)
0
Spidler
I updated the fw on Saturday morning.
I've had zero issues in the last 30 hours. More importantly, no disconnects of authenticated traffic - https, mapi, rdp, etc. It solved our issues, but I hate running an interim build on what is essentially the brain stem of my network.



Hello every body, I am experiencing very similar problems with a 200D firewall.
 
Anyone knows when will this version be available?
 
Spidler, can you share with me this provisional compilation?
#14
Toshi Esumi
Expert Member
  • Total Posts : 2526
  • Scores: 241
  • Reward points: 0
  • Joined: 2014/11/06 09:56:42
  • Status: offline
Re: SSLVPN and RDP disconnects 2020/04/18 13:53:55 (permalink)
0
I posted this in a different thread of the same issue. The current target date for 6.0.10 seems to be in early June. But as Spider posted the temp release is available and you can request it if you open a ticket at TAC and get your symptom identified as the same issue.
#15
ami11er
New Member
  • Total Posts : 4
  • Scores: 2
  • Reward points: 0
  • Joined: 2016/04/13 09:09:43
  • Status: offline
Re: SSLVPN and RDP disconnects 2020/05/06 14:30:49 (permalink)
0
Hi all, glad I found this thread for the hope that there's a fix on the way with v6.0.10.
 
 I'm having a similar issue at one of my sites and it is so severe that I barely get past login to the remote desktop before the connection breaks.  It usually reestablishes before RDP times out and then the cycle repeats.
 
At the beginning of the year we had 3 sites with SSL VPN gateways configured.  After the growth in WFH we added the same SSL VPN configuration to an additional 5 sites.  All are either 100D or 100E units and all are running v6.0.9.
 
We have a few reports of RDP stability issues at other sites, but that is one or two disconnects over the course of a day.  Other than that the 7 sites are trouble free.  The problem site never works well enough to connect reliably.  The only significant difference for the problem site is that it is an HA Cluster (and LACP connection to core switch) whereas the other sites are all stand-alone units.
 
 
#16
estebanpm
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/04/18 12:23:24
  • Status: offline
Re: SSLVPN and RDP disconnects 2020/05/06 23:46:48 (permalink)
0
Hello, we have installed a specific patch for v6.0.9 (build 8661 - GA-) and the problem is solved.
No more disconnections in three days and about 120-140 users working simultaneously.
#17
eenchev
New Member
  • Total Posts : 8
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/07/16 03:59:44
  • Location: Sofia, Bulgaria
  • Status: offline
Re: SSLVPN and RDP disconnects 2020/08/11 05:46:43 (permalink)
0
Hello,
 
Has anyone tested 6.0.10 or later version. Is this behavior with RDP freeze resolved? We are testing SSL VPN on FG500E with version 6.4.1 and the same behavior is observed -  no packet loss via the tunnel and freezing RDP and SSH sessions.
 
#18
Hosemacht
Silver Member
  • Total Posts : 87
  • Scores: 5
  • Reward points: 0
  • Joined: 2017/04/18 04:06:13
  • Location: Upper Austria
  • Status: offline
Re: SSLVPN and RDP disconnects 2020/08/11 07:01:55 (permalink)
0
Hi,
 
RDP sessions over SSL-VPN are running solid with 6.0.10, no issues with our 200E Clusters.
 
Regards

sudo apt-get-rekt
#19
ami11er
New Member
  • Total Posts : 4
  • Scores: 2
  • Reward points: 0
  • Joined: 2016/04/13 09:09:43
  • Status: offline
Re: SSLVPN and RDP disconnects 2020/08/11 08:42:48 (permalink)
0
We have updated all of our SSL VPN gateways to 6.0.10.  We have a mix of 100D and 100E hardware.  On FortiOS 6.0.9 we had reports of occasional RDP disconnects from some users.  On one gateway (100E cluster) we had a 100% failure rate for RDP.  After the upgrade to 6.0.10 the 100E cluster failure issue was resolved.  We don't have a good measure for the occasional issues on other gateways, but we believe they have improved as well.
 
One other point: we have a mix of 5.6.x FortiClient and 6.0.9 FortiClient.  We believe that the older client had stability issues with FortiOS 6.0.9 that were made worse with 6.0.10.  We are still working on upgrading all FortiClients to the current version to confirm that it resolves all issues, but early results are positive.
 
Bottom line: it appears that FortiOS 6.0.10 and FortiClient 6.0.9 resolves the RDP freeze/disconnect issue.
post edited by ami11er - 2020/08/11 08:47:42
#20
Page: 12 > Showing page 1 of 2
Jump to:
© 2021 APG vNext Commercial Version 5.5