FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description This article describes the current limitations of audio propagation over SSL VPN.
Scope FortiGate 6.4, 7.0, and 7.2 GA releases.

Let's assume that a network administrator has implemented the below topology:




The goal of the network admin is for external RDP clients to connect to the RDP server via SSL VPN and then to be able to perform calls via a VoIP solution to the end user.


As known, there are two ways to connect over SSL VPN:


1) Tunnel mode which utilizes FortiClient software in order for the users to establish an SSL connection with the FortiGate.

2) Web mode which users are connecting directly over SSL using FortiGate's web mode interface.


- In Web Mode, the FortiGate acts like a proxy server between the RDP Client and the RDP server thus the quality of the sound is hard to be guaranteed


- In Tunnel Mode, the particular goal could be achieved since an internal IP address from the configured IP pool is assigned to the remote external users and a direct communication channel between the client and the server exists.