| Description | This article explains why the 'anynet_Closed' error is seen on Anydesk when the user is behind FortiGate. |
| Scope | FortiGate. |
| Solution |
This article is focused on closed environments where access to each service is selectively provided to internal users through the FortiGate firewall instead of allowing all the internet-facing traffic. The users sometimes might be unable to connect to a remote user with AnyDesk.
If an error 'anynet_Closed' is displayed when the remote user tries to accept the connection.
This is due to an AnyDesk feature that allows direct remote connections with the remote side.
Whenever initiating a connection the AnyDesk first communicates with the AnyDesk servers and if this feature is enabled, after that it would try to connect to a remote machine directly.
It will be possible to see AnyDesk traffic being allowed to AnyDesk servers in the Forward traffic logs, however, the connection will still fail.
It is because, in a closed environment, AnyDesk traffic could be allowed using the ISDB database which has all IPs and port information related to AnyDesk servers. Hence traffic to Anydesk servers is allowed as seen in Forward logs. However, there is no policy created to allow a direct connection to remote users using the AnyDesk. By default, this option uses port number 7070 to initiate direct connections to remote users and it can be changed.
To overcome this issue, disable this option in the AnyDesk settings under Setting -> Connections, and select the check box in front of 'Allow direct connections'.
Once done, AnyDesk will not initiate a direct connection to the remote user and a connection will be established between both machines. |
