This article explains what to do when Windows authentication drops RDP connections, and describes technical recommendations that can increase the stability of RDP sessions through FortiOS.
1) Disable NLA (Network Level Authentication).
Go to Start -> Administrative Tools -> Remote Desktop Services -> Remote Desktop Session Host Configuration.
Connections: Select the name of the connection, and then click Properties.
On the General tab, deselect the 'Allow connections only from computers running Remote Desktop with Network Level Authentication' check box.
2) Change to TLS encryption in RDP Bookmark.
Go to VPN -> SSL-VPN Portals and edit 'Predefined Bookmarks'.
Set Security to 'TLS encryption'.
3) Change RDP Transport to TCP on Windows PCs.
To change the transport protocol:
Go to Start -> Run -> gpedit.msc -> Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections -> Select RDP transport Protocol. Enable the setting, then return to the same path and change the value to 1. The possible values are:
0 --> Use both UDP and TCP.
1 --> Use only TCP.
2 --> Use either UDP or TCP.
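The following PowerShell is an added example, not part of the Fortinet article: it reports the Windows-side settings that steps 1 to 3 touch (NLA, security layer, transport, and whether a UDP 3389 listener is present) and can apply the TCP-only transport value from step 3. It assumes the 'Select RDP transport Protocol' policy stores its value as SelectTransport under HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services and that the listener settings live under the RDP-Tcp WinStation key; run it from an elevated prompt.

```powershell
# Added example (not from the Fortinet article). Assumption: the GPO writes
# SelectTransport under the Policies key below; listener settings are under RDP-Tcp.
$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$ListenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Value meanings: SelectTransport as listed in step 3; SecurityLayer as used by the RDP-Tcp listener.
$TransportNames     = @{ 0 = 'Use both UDP and TCP'; 1 = 'Use only TCP'; 2 = 'Use either UDP or TCP' }
$SecurityLayerNames = @{ 0 = 'RDP security layer'; 1 = 'Negotiate'; 2 = 'TLS (SSL)' }

function Get-RdpValue([string]$Key, [string]$Name) {
    # Returns $null when the value is absent, i.e. the policy is not configured.
    (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Get-RdpSessionSettings {
    $transport = Get-RdpValue $PolicyKey   'SelectTransport'
    $nla       = Get-RdpValue $ListenerKey 'UserAuthentication'
    $secLayer  = Get-RdpValue $ListenerKey 'SecurityLayer'
    [pscustomobject]@{
        Transport     = if ($null -eq $transport) { 'Not configured (default: either UDP or TCP)' }
                        else { $TransportNames[[int]$transport] }
        NlaRequired   = ($nla -eq 1)   # step 1 clears this (UserAuthentication = 0)
        SecurityLayer = if ($null -eq $secLayer) { 'Not configured' }
                        else { $SecurityLayerNames[[int]$secLayer] }
        # After TCP-only transport is active, no UDP 3389 endpoint should be bound.
        UdpListener   = [bool](Get-NetUDPEndpoint -LocalPort 3389 -ErrorAction SilentlyContinue)
    }
}

function Set-RdpTransportTcpOnly {
    # Same effect as setting the policy to 'Use only TCP' (value 1).
    # Restarting TermService drops every active RDP session on this host.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    Set-ItemProperty -Path $PolicyKey -Name 'SelectTransport' -Value 1 -Type DWord
    Restart-Service -Name TermService -Force
}

Get-RdpSessionSettings | Format-List
```

Run Get-RdpSessionSettings before and after the change: UdpListener should read False once only TCP is in use, which confirms step 3 took effect.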
4) Increase the session TTL RDP timers in FortiOS.
This can be done by configuring the following commands (protocol 6 is TCP and the timeout is in seconds, so idle RDP sessions on TCP/3389 are kept for one hour):
# config system session-ttl
    config port
        edit 1
            set protocol 6
            set timeout 3600
            set start-port 3389
            set end-port 3389
        end
    end
Copyright 2024 Fortinet, Inc. All Rights Reserved.