jshiveley
New Member
August 19, 2016
Question

New to Fortinet equipment. Fortigate 50e with 2xFortiAP-223c. Remote desktop latency.

I work for a mental health/drug and alcohol counseling agency. Our EHR (electronic health record) is cloud based and we access it through a Remote Desktop connection. We just recently installed Fortigate 50e and FortiAP-223c to replace some residential Linksys wireless routers the guy before me left. The funny thing is we never experienced any issue accessing our EHR with the old Linksys equipment. As soon as we installed the Fortigate 50e I started getting complaints of typing latency and disconnects.

 

After working with a Fortinet engineer, I believe we have the disconnects issue resolved by setting the RDP session TTL to 7200. However, we're still experiencing the typing latency at all the locations that have the new Fortigate 50e's installed. They are all on firmware version 5.4.1 build 1064. The FortiAP-223c's are on version 5.4.1 build 0339. The majority of our offices have a 50x5 cable connection. At most each location will have 7-10 users at a time. We have web filtering and antivirus policies set up. Web filtering is only set up to block access to xxx/adult rated sites. We have the antivirus security policy enabled on every protocol except MAPI, detect viruses set to block, treat Windows executables in emails as viruses enabled, use FortiSandbox database enabled and mobile malware protection enabled. I have removed the antivirus policy and the issue persists.

 

Does anyone have any ideas?

Thanks,

-Joel

    1 reply

    FortiOSman
    New Member
    August 22, 2016

    Sounds like the latency could be coming from the web filtering and AV scanning. 

     

    Can you try creating a new rule, specifically for the RDP traffic and not have it use any UTM features? That would mimic your previous Linksys setup. You can mitigate not having those turned on by defining the destination IP for the RDP rule. Don't forget to re-add the session TTL. 

     

    I've run into latency issues in the past and it was because my AV scanner was using proxy-based inspection instead of flow-based. Once I changed the mode to flow-based my latency went back to normal. Since 5.2 flow-based has been the recommended mode, as per the Fortinet engineer I was working with. 

     

    Let me know what happens.

     

     

    -FortiOSman

    Up, Up, and Away!

    jshiveley (Author)
    New Member
    August 24, 2016

    Thanks for the reply, FortiOSman. The RDP rule isn't using any UTM features and after I looked again it wasn't using any to begin with. I have defined a destination IP address for the rule, but still experiencing the latency and getting staff complaints. Any other ideas?

     

    -Joel

    FortiOSman
    New Member
    August 25, 2016

    Hmm.

    Does this happen on both wired and wireless? You had said you also replaced APs, maybe those are the culprit. 

    Have you tried a trace route to the RDP server? Are there any anomalies? 

     

    Another thing to check is the CLI for that rule. I have seen issues in the past where the GUI was reporting features not being enabled, but the CLI showed them as on. 

     

    # config firewall policy
    # edit <ID>
    # show
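
The CLI check suggested in the last reply can be scripted against saved `show` output, so every policy is compared the same way instead of being read by eye. The Python below is an added example, not part of the thread or any Fortinet tooling; the sample policy text, policy IDs and object names are constructed, and it assumes the output uses the FortiOS policy options `utm-status`, `av-profile`, `webfilter-profile`, `ips-sensor`, `application-list`, `ssl-ssh-profile`, `profile-protocol-options`, `dstaddr` and `session-ttl`.

```python
import re
# Policy settings that attach UTM / security-profile inspection to traffic.
UTM_KEYS = {"utm-status", "av-profile", "webfilter-profile", "ips-sensor",
            "application-list", "ssl-ssh-profile", "profile-protocol-options"}

# Constructed sample of `show` output; IDs, names and objects are made up.
SAMPLE = '''
config firewall policy
    edit 7
        set name "RDP-to-EHR"
        set dstaddr "EHR-RDP-host"
        set service "RDP"
        set utm-status enable
        set av-profile "default"
        set session-ttl 7200
    next
    edit 8
        set name "Internet"
        set dstaddr "all"
        set service "ALL"
    next
end
'''

def parse_policies(text):
    """Return {policy_id: {setting: value}} parsed from `show` output."""
    policies, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"edit (\d+)$", line):
            current = policies.setdefault(int(m.group(1)), {})
        elif line == "next":
            current = None
        elif current is not None and (m := re.match(r"set (\S+) (.+)$", line)):
            current[m.group(1)] = m.group(2).replace('"', "")
    return policies

def audit(policy):
    """List findings for one policy: UTM settings, open destination, no TTL."""
    findings = [f"UTM setting present: {k} = {policy[k]}"
                for k in sorted(UTM_KEYS & policy.keys()) if policy[k] != "disable"]
    if policy.get("dstaddr", "all") == "all":
        findings.append("destination is 'all'")
    if "session-ttl" not in policy:
        findings.append("no session-ttl override")
    return findings

if __name__ == "__main__":
    print({pid: audit(p) for pid, p in parse_policies(SAMPLE).items()})
```

In the constructed sample, policy 7 is the case described in the reply: the rule is meant to carry RDP without UTM, yet the CLI text still shows `utm-status` and an AV profile attached.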