MD1
New Member
August 8, 2022
Question

Fortigate hit RDP connections!

  • 3 replies
  • 4832 views

Hi

I am trying to access a server from a different place via RDP on FortiGate, but the connection is hit by the FW!

I created a policy and allowed all services!

I checked the logs and found that the action is: TCP reset from client!

 

Any suggestions?

 

Thank you 

3 replies

knaveenkumar
Staff
August 10, 2022

There are frequent use cases where a TCP session created on the firewall has a smaller session TTL than the client PC initiating the TCP session or the target device.


The underlying issue is that when the TCP session expires on the FortiGate, the client PC is not aware of it and might try to reuse the previously existing session, which is still alive on its side.

 

For a solution, please refer to this article:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-the-FortiGate-to-send-TCP-RST-packet-on/ta-p/196858#:~:text=If%20reset%2Dsessionless%2Dtcp%20is,Default%20is%20disabled.

MD1 (Author)
New Member
August 11, 2022

Same issue!

sjoshi
Staff
August 10, 2022

Dear MD1,

 

Thank you for posting to the Fortinet Community Forum.

 

Problem Description:-
RDP connections issue

 

Can you please describe your NW topology with the IP scheme?
Also, can you share the policy details with me?
conf firewall policy
edit <policy id>
sh full

 

Also, please take a sniffer capture at the time of the issue.
diag sniff packet any 'host <rdp srv ip> and tcp port 3389' 6 0 l

 

Let us know if this helps.

Thanks

Thanks, Salon
ayeddes
New Member
January 29, 2023

3.378281 192.168.100.81.59744 -> 20.111.35.68.3389: syn 3287819881
3.378370 192.168.168.2.59744 -> 20.111.35.68.3389: syn 3287819881
3.453500 20.111.35.68.3389 -> 192.168.168.2.59744: syn 3625348047 ack 3287819882
3.453542 20.111.35.68.3389 -> 192.168.100.81.59744: syn 3625348047 ack 3287819882
3.456563 192.168.100.81.59744 -> 20.111.35.68.3389: ack 3625348048
3.456595 192.168.168.2.59744 -> 20.111.35.68.3389: ack 3625348048
3.773236 192.168.100.81.59744 -> 20.111.35.68.3389: psh 3287819882 ack 3625348048
3.773273 192.168.168.2.59744 -> 20.111.35.68.3389: psh 3287819882 ack 3625348048
22.715528 192.168.100.81.59744 -> 20.111.35.68.3389: rst 3287819928 ack 3625348048
22.715550 192.168.168.2.59744 -> 20.111.35.68.3389: rst 3287819928 ack 3625348048
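
A way to read a capture like the one above when triaging a "TCP reset from client" log entry, as an added example that is not part of the original thread: it parses the sniffer lines, reports which endpoint sent the RST, how long the flow was silent before it, and whether the server sent anything after its SYN/ACK. The function names are hypothetical, and the embedded lines are one copy per packet taken from the post above.

```python
import re

# Sniffer lines copied from the capture posted above (one copy per packet,
# client-side addresses only; the NATed duplicates are omitted).
TRACE = """\
3.378281 192.168.100.81.59744 -> 20.111.35.68.3389: syn 3287819881
3.453542 20.111.35.68.3389 -> 192.168.100.81.59744: syn 3625348047 ack 3287819882
3.456563 192.168.100.81.59744 -> 20.111.35.68.3389: ack 3625348048
3.773236 192.168.100.81.59744 -> 20.111.35.68.3389: psh 3287819882 ack 3625348048
22.715528 192.168.100.81.59744 -> 20.111.35.68.3389: rst 3287819928 ack 3625348048
"""

# <time> <src_ip>.<src_port> -> <dst_ip>.<dst_port>: <flag> <seq> [ack <n>]
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<src>\S+)\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\S+)\.(?P<dport>\d+):\s+(?P<flags>.+)$"
)

def parse(trace):
    """Yield (time, src_ip, src_port, dst_ip, dst_port, first_flag) per line."""
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield (float(m["ts"]), m["src"], int(m["sport"]),
                   m["dst"], int(m["dport"]), m["flags"].split()[0])

def summarize_reset(trace, service_port=3389):
    """Describe the first RST: sender side, idle gap, and server activity."""
    packets = list(parse(trace))
    for i, (ts, src, sport, _dst, _dport, flag) in enumerate(packets):
        if flag != "rst":
            continue
        earlier = packets[:i]
        idle = ts - earlier[-1][0] if earlier else 0.0
        # Anything from the service port other than its SYN/ACK counts as a reply.
        replied = any(p[2] == service_port and p[5] != "syn" for p in earlier)
        return {
            "rst_from": "server" if sport == service_port else "client",
            "rst_ip": src,
            "idle_before_rst": round(idle, 3),
            "server_replied_after_handshake": replied,
        }
    return None  # no RST in this capture

if __name__ == "__main__":
    print(summarize_reset(TRACE))
```
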