Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
opocta
Staff
Staff

Created on ‎04-20-2015 02:33 AM Edited on ‎01-04-2022 12:53 PM By Anonymous

Article Id 192637

Technical Note: L2TP disconnections due to out-of-order packets

Description

L2TP over IPsec is prone to failures and disconnection due to data compression if MS CHAP is used as authentication protocol and if packets are coming to FortiGate unit out of order. This is observed especially with higher amount of traffic flowing through the tunnel, typically RDP connections.


Solution

To resolve this issue disable MS CHAP on client (usually MS Windows).

MS Windows 7 - go to connection properties of L2TP/IPsec tunnel and select Security tab. Disable MS CHAP as shown below.  There is no configuration change needed on the FortiGate side.
opocta_FD36470_tn_FD36470.jpg

 

1582
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.