marito
New Member
August 21, 2018
Question

Rdp via VPN


Hi,

I've an e200 fortinet running version 5.6.2.

In my net there are several Windows 2016 servers which programmers access via RDP; beforehand, they open an SSL-VPN connection. In some cases everything works fine, but some programmers have trouble opening RDP: "your credentials didn't work", but they are correct. When I check the Event Viewer for RDP, there is no record of the failed connection.

To bypass the issue I opened RDP to the WAN, so the programmers connect directly using the public IP address (it is dangerous, I'm aware).

I guess that there is a mismatch between the rdp client and the vpn.

Any help will be appreciated.

Tnx

 

 

    1 reply

    ede_pfau
    SuperUser
    August 21, 2018

    My advice is to use IPsec VPN, using the same FortiVPN client. No problems whatsoever.

    darwin_FTNT
    Staff
    August 21, 2018

    On my ipsec-vpn with FGT-111C and FWF-60E, I noticed vncviewer got unresponsive once in a while (e.g., no tcp reply from wireshark).

     

    Adding the following setting to each of the FGTs fixed the issue:

     

    config system session-ttl
        config port
            edit 5900
                set protocol 6
                set timeout never
                set start-port 5900
                set end-port 5900
            next
        end
    end

     

    This is because FGTs maintain security & protocol states for each session (user logged-on, policy id, app id, etc.).  For the vncviewer over ipsec-vpn, there are 2 sessions maintained: the vpn session in UDP, then the tunnelled vncviewer session in TCP.  If the desktop has a screensaver, the vncviewer traffic would become inactive and the session may expire and be deleted in the FGT.  This results in future tcp traffic being disrupted.  You can see the session info in 'diag sys session list'.
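
Added example, not part of the thread and not Fortinet code: a small Python check that reads saved 'diag sys session list' output and lists tunnelled TCP sessions to the RDP/VNC ports that are close to their session TTL, which is the expiry condition described in the last reply. The sample text is constructed, and its field layout (including `expire=never`) and the helper names `parse_sessions` and `near_expiry` are assumptions.

```python
import re

# Constructed sample resembling 'diag sys session list' output; the field
# layout (proto=, expire=, timeout=, dir=org src->dst) is an assumption.
SAMPLE = """\
session info: proto=6 proto_state=01 duration=3540 expire=58 timeout=3600 flags=00000000
hook=pre dir=org act=noop 10.212.134.200:51522->192.168.10.5:5900(0.0.0.0:0)
hook=post dir=reply act=noop 192.168.10.5:5900->10.212.134.200:51522(0.0.0.0:0)
session info: proto=6 proto_state=01 duration=20 expire=3590 timeout=3600 flags=00000000
hook=pre dir=org act=noop 10.212.134.201:49811->192.168.10.6:3389(0.0.0.0:0)
session info: proto=17 proto_state=01 duration=900 expire=170 timeout=180 flags=00000000
hook=pre dir=org act=noop 203.0.113.7:4500->198.51.100.1:4500(0.0.0.0:0)
session info: proto=6 proto_state=01 duration=86400 expire=never timeout=never flags=00000000
hook=pre dir=org act=noop 10.212.134.202:50001->192.168.10.5:5900(0.0.0.0:0)
"""

HEAD = re.compile(r"session info: proto=(\d+) .*?expire=(\S+) timeout=(\S+)")
ORG = re.compile(r"dir=org \S+ ([\d.]+):(\d+)->([\d.]+):(\d+)")

def parse_sessions(text):
    """Return one dict per session block (blocks start at 'session info:')."""
    sessions = []
    for block in re.split(r"(?m)^(?=session info:)", text):
        head, org = HEAD.search(block), ORG.search(block)
        if not (head and org):
            continue  # skip empty or incomplete blocks
        proto, expire, timeout = head.groups()
        sessions.append({
            "proto": int(proto),
            "expire": None if expire == "never" else int(expire),
            "timeout": None if timeout == "never" else int(timeout),
            "src": f"{org.group(1)}:{org.group(2)}",
            "dst": f"{org.group(3)}:{org.group(4)}",
            "dport": int(org.group(4)),
        })
    return sessions

def near_expiry(sessions, ports=(3389, 5900), threshold=0.1):
    """TCP sessions to the watched ports with under `threshold` of their TTL left."""
    return [s for s in sessions
            if s["proto"] == 6 and s["dport"] in ports
            and s["expire"] is not None and s["timeout"]
            and s["expire"] < threshold * s["timeout"]]

if __name__ == "__main__":
    for s in near_expiry(parse_sessions(SAMPLE)):
        print(f'{s["src"]} -> {s["dst"]} expires in {s["expire"]}s of {s["timeout"]}s')
```

Sessions with a `never` timeout are skipped, so after a port-specific session-ttl change the affected port should no longer appear in the result.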