Help
Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

AnonMemb
New Contributor II

Created on ‎05-15-2018 10:03 PM

Fortinet SSO: Terminal Server agent port allocation

Hi All,

We are using Fortinet SSO Terminal server Agent, to help authenticate internet users on our Windows 2016 RDS server.

The internet users on the RDS server have been complaining of randomly having to refresh a page a couple of time before it is displayed.

We have checked the TSA agent logs, and found a lot of log entries like below:

"failed to allocate port range for session xy", xy being random numbers.

Then Under the "Port allocation" section of the TSA Configuration, the "System Dynamic Allocation Port Range" has a default entry of 1025-65534, that is leaving user port allocation range to a very small range: 1-1024 which is easily exceeded by the number of user sessions on the RDS server.

So we suspect that when the Port allocation pool is depleted, the agent fails to allocate new session.

Can anyone explain why "System Dynamic Allocation Port Range" is defaulting to such a big range?

and also is there a way to modify the System Dynamic Allocation Port Range

regards,

Eric

Preview file
4 KB
587
0 Kudos
1 REPLY 1
Marco
New Contributor III

Created on ‎05-28-2018 02:26 AM

Hello Eric

maybe the following article may solve the problem: https://forum.fortinet.com/tm.aspx?m=140261

 

best regards

Marco

578
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.