atltechpro
New Member
May 23, 2019
Question

SSL VPN problems in FortiOS 6.2.0

Since updating to 6.2.0 I am having problems with what was a very stable SSL VPN. The VPN stays connected but client sessions disconnect or freeze. Outlook / Exchange is constantly disconnecting and reconnecting and file shares are experiencing the same type of problem. The interfaces are running clean and packet captures show that the communications between the client and server just stop and eventually time out. On the FortiClient side I have tried v5.4 up to current 6.2 with and without DTLS enabled with no joy. I am aware of the known issue with SSL VPN and RDP #495522 and am wondering if it's affecting more than just RDP sessions. Ideas, anyone else experiencing SSL VPN problems with 6.2?

Thanks

3 replies

jcrous
New Member
August 19, 2019

Having very similar issues on 6.2.1 since upgrade. Multiple calls with Support have found no resolution.

Outlook/Exchange connectivity is sporadic, if we get a connection at all. Windows share drive disconnects and slowness/disconnects reported on our EMR.

Has any solution been presented to this issue?

skhan169
New Member
October 30, 2019

We've been having the same issues since upgrading to 6.2.1 this past July. The behavior has been very inconsistent, and difficult to reproduce for troubleshooting. But the issues are the same when they occur. Outlook frequently disconnects, and file shares drop, or run very slowly.

Haven't been able to find any info on this. If anyone out there has heard anything, it would be wonderful. 

zuka
New Member
November 14, 2019

Hi, we implemented a Fortigate 3 months ago with version 6.2. For the past two months we have been trying to solve this problem; we still have a case open with support, but the problems continue. We have done the following:

  • Changed the MTU size in the affected rules for the VPN.
  • Applied "set preserve-session-route".
  • Disabled DTLS.
  • Tested different versions of FortiClient (6.0, 6.2, 6.2.2), including the FortiClient from the Windows Store.

But nothing solved the problem. Fortinet's SSL VPN is very unstable; applications like RDP and SAP drop frequently.

Regards,

Andres.

bstevens
New Member
November 25, 2019

This is a problem for one of my customers as well.  Just upgraded from 5.6 to 6.2.2 and they are having the same issues described here.  Opened a ticket with Fortinet support.  I will update if they have any useful information.

 

Edit: Support verified it is a bug in 6.2.1 and 6.2.2, however they did not acknowledge 6.2.0 to be a problem.   I rolled back to 6.2.0 and verified it is a problem on that version as well.   Since I know it worked last on 5.6.6, I downgraded and restored to 5.6.6.    I was told it was scheduled to be fixed in upcoming 6.2.3 and 6.4.0.  Hope this helps the next person who finds this all out the hard way.

 

 

kelderek
New Member
December 4, 2019

Our managed security services provider was in the office today and we were talking about my SSL VPN problems and we figured out how to make it work! Here is the original ssl.root config:

    config system interface
        edit "ssl.root"
            set vdom "root"
            set ip 169.254.1.1 255.255.255.255
            set status down
            set type tunnel
            set alias "SSL VPN interface"
            set fortiheartbeat enable
            set snmp-index 7
        next
    end

We first tried setting the IP to the WAN IP, but it didn't work. We then checked another Fortigate with an older firmware version but that had a working SSL VPN setup. It didn't have any IP or status lines for the ssl.root interface, so we tried unsetting the IP and status, but the fortiheartbeat required an IP, so I had to run the following commands:

    conf sys int
    edit ssl.root
    unset ip
    unset status
    unset fortiheartbeat
    end

After that, it worked! Here is what the ssl.root config looked like after:

    config system interface
        edit "ssl.root"
            set vdom "root"
            set type tunnel
            set alias "SSL VPN interface"
            set snmp-index 7
        next
    end

I called Fortinet and they said fortiheartbeat is an enterprise feature used for telemetry and network access control, and it was safe to disable it with those commands I ran. Hopefully this helps you, too! :)
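One way to check a saved configuration backup for the three ssl.root settings the post above reports removing. This is an added example, not code from the poster or from Fortinet; the function names and the wan1 entry are made up for illustration, and the parser assumes the plain-text layout quoted in the post.

```python
# Constructed sample: the ssl.root stanza quoted in the post, plus a made-up wan1.
SAMPLE_BACKUP = '''\
config system interface
    edit "wan1"
        set ip 203.0.113.10 255.255.255.0
        config ipv6
            set ip6-mode dhcp
        end
    next
    edit "ssl.root"
        set vdom "root"
        set ip 169.254.1.1 255.255.255.255
        set status down
        set type tunnel
        set alias "SSL VPN interface"
        set fortiheartbeat enable
        set snmp-index 7
    next
end
'''

SUSPECT_KEYS = ("ip", "status", "fortiheartbeat")  # settings the post unset

def parse_interfaces(text):
    """Return {interface: {key: value}} from the 'config system interface' block."""
    interfaces, current, depth = {}, None, 0
    for line in (raw.strip() for raw in text.splitlines()):
        if depth == 0:
            depth = 1 if line == "config system interface" else 0
        elif line.startswith("config "):
            depth += 1                      # nested table, e.g. config ipv6
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            current = interfaces.setdefault(line[5:].strip().strip('"'), {})
        elif depth == 1 and line == "next":
            current = None
        elif depth == 1 and line.startswith("set ") and current is not None:
            _, key, *value = line.split(None, 2)
            current[key] = value[0] if value else ""
    return interfaces

def ssl_root_findings(text, name="ssl.root"):
    """Return the suspect settings still present on the SSL VPN tunnel interface."""
    iface = parse_interfaces(text).get(name, {})
    return {k: iface[k] for k in SUSPECT_KEYS if k in iface}

if __name__ == "__main__":
    print(ssl_root_findings(SAMPLE_BACKUP))
```

An empty result means the interface already matches the "after" config shown in the post.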

 

Galar
New Member
April 9, 2020

Hi,

 

We were facing the same issue after upgrading from 6.0.5 to 6.0.9. Applications like SAP or RDP sessions were randomly hanging through FortiClient. We contacted Fortinet technical support and they confirmed a bug. It will be resolved in 6.0.10 and 6.2.4, but in the meantime, they sent us a private firmware 6.0.9 build 8661.

There is a related known issue. It is about RDP, but the engineer recognized that it was also related to other TCP applications:

582265: RDP sessions are terminated (disconnect) unexpectedly.

https://docs.fortinet.com/document/fortigate/6.0.9/fortios-release-notes/933609/known-issues

 

Hope this helps!