fbk
New Member
November 12, 2021
Question

FortiGate SSL VPN DTLS problem / DoS policy udp_flood blocked

  • November 12, 2021
  • 2 replies
  • 9046 views

Hello,

With the SSL VPN client, when DTLS is enabled, the VPN connection is lost when copying a SAMBA file from the client to the VPN.

With DTLS off, the problem does not occur, but I need it to improve performance.

 

I was able to reproduce the problem on two devices. Both devices have firmware 6.2.10.

The problem already existed with 6.2.9 firmware.

 

Devices: FGT 50E and 301E

 

 

Thanks!

 

--

FBK

    2 replies

    fbk (Author)
    New Member
    November 12, 2021

    Hi,

     

    I found the problem!

    The DoS Policy will capture DTLS due to UDP flood.

    What should you do?

    The current threshold udp_flood = 2000

    I have attached the picture.

     

    Thanks!

    Jirka1
    Explorer II
    February 5, 2024

    Hello,

    I am reopening this issue and wondering if it has been resolved.

     

    We have an activated DTLS tunnel (UDP/443) for SSL VPN and when copying a large amount of data via SMB the client disconnects after a while. DoS Policy (udp_flood) is to blame.
    Logically we have this policy deployed on the WAN side of the FGT, which also includes the WAN address of the FGT where it listens for SSL.

    Is there a way to solve this? I don't consider increasing the sensitivity a good solution.

    FortiOS 7.2.6

     

     

    edit "udp_flood"
        set status enable
        set log enable
        set action block
        set threshold 2000

     

     

    Thanks

    Jirka

    Jirka1
    Explorer II
    August 19, 2024

    Hello,

    Is there any solution for this issue?

    Thanks, Jirka
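
One way to scope the DoS policy described in the thread, as an added example that is not from any poster or from Fortinet: keep the 2000 threshold for general WAN traffic and give DTLS (UDP/443) to the VPN listener its own, earlier policy with a separately sized threshold. The policy IDs, the interface name `wan1`, the object names, the address `203.0.113.10` and the value `20000` are all assumptions, as is the top-down, first-match ordering of DoS policies that the `move` line relies on.

```fortios
# Added example: names, IDs, address and the 20000 value are assumed.
# Address object for the WAN IP where SSL VPN listens (placeholder IP).
config firewall address
    edit "sslvpn-listener"
        set subnet 203.0.113.10 255.255.255.255
    next
end
# Service object matching only the DTLS tunnel port.
config firewall service custom
    edit "DTLS-443"
        set udp-portrange 443
    next
end
# Policy 1 stands in for the general WAN policy quoted in the thread.
# Policy 2 matches only UDP/443 to the listener and is moved above it.
config firewall DoS-policy
    edit 1
        set interface "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        config anomaly
            edit "udp_flood"
                set status enable
                set log enable
                set action block
                set threshold 2000
            next
        end
    next
    edit 2
        set interface "wan1"
        set srcaddr "all"
        set dstaddr "sslvpn-listener"
        set service "DTLS-443"
        config anomaly
            edit "udp_flood"
                set status enable
                set log enable
                set action block
                set threshold 20000
            next
        end
    next
    move 2 before 1
end
```

The udp_flood threshold counts UDP packets per second toward one destination address, so with datagrams of roughly 1,300 bytes (an assumed size) 2000 packets per second is only about 20 Mbit/s summed over all tunnels. Size the tunnel policy's threshold from the measured peak packet rate of legitimate VPN traffic rather than from the example value.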