Technical Tip: Audio Propagation over SSL VPN

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 241896

Description

This article describes the current limitations of audio propagation over SSL VPN.

Scope

FortiGate v6.4, v7.0, and v7.2 GA releases.

Solution

Let's assume that a network administrator has implemented the below topology:

The goal of the network admin is for external RDP clients to connect to the RDP server via SSL VPN and then to be able to perform calls via a VoIP solution to the end user.

As known, there are two ways to connect over SSL VPN:

Tunnel mode which utilizes FortiClient software for the users to establish an SSL connection with the FortiGate.
Web mode which users are connecting directly over SSL using FortiGate's web mode interface.

In Web Mode, the FortiGate acts like a proxy server between the RDP Client and the RDP server, thus, the quality of the sound is hard to guarantee. Due to this technical limitation, audio propagation in SSL VPN Web Mode is currently not supported.
In Tunnel Mode, the particular goal could be achieved since an internal IP address from the configured IP pool is assigned to the remote external users and a direct communication channel between the client and the server exists.

Note:
Starting from v7.6.3, the SSL VPN tunnel mode will no longer be supported, and SSL VPN web mode will be called 'Agentless VPN'.

1477

Contributors

Anonymous
fconag
nweckel
Anthony_E

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Technical Tip: Audio Propagation over SSL VPN

You are leaving our website