FortiGate
opocta
Staff

Description

L2TP over IPsec is prone to failures and disconnections caused by data compression when MS CHAP is used as the authentication protocol and packets arrive at the FortiGate unit out of order. This is observed especially when a higher amount of traffic flows through the tunnel, typically with RDP connections.


Solution

To resolve this issue, disable MS CHAP on the client (usually MS Windows).

MS Windows 7: open the connection properties of the L2TP/IPsec tunnel, select the Security tab, and disable MS CHAP. No configuration change is needed on the FortiGate side.

 
