Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
tk1
New Contributor

Problems with RDP connection to Laptops via SSLVPN from internal network

Hello,
We have the following problem. We use SSLVPN for remote connection from laptops to the internal network. The laptops connect with RDP. This works smoothly.
But now we would like to use the reverse way, so you can access the laptops from the internal network with RDP or other stuff.
After the appropriate firewall rule config we can ping the laptops, but we can't access them with RDP and I don't know why.
I can see the outgoing RDP traffic in the FortiGate FW log but there is no connection established.
Is there anyone who can give me a tip to solve this?
Thank you

Mohit_S
Moderator

Hi @tk1,

Thank you for using the Community Forum.

As per your query to know why this connection is not established, you can try using the sniffer and packet capture commands/debugs mentioned below. This can give more detailed insight into this traffic.

Run the debug as mentioned below:

Run 2 PuTTY sessions.

On the first SSH session run the following sniffer command.

diagnose sniffer packet any 'host <destination machine IP address>' 4 0 l    <---- 'l' here is the letter L in lower case.

diagnose sniffer packet any 'host <destination machine IP address>' 6 0 l    <---- 'l' here is the letter L in lower case.

 

Reference :

 https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Using-the-FortiOS-built-in-packet-sn...

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Packet-Capture-on-FortiOS-GUI/ta-p/1...

 

 

On the second SSH session run the following debug:

diagnose debug flow filter addr <dest_machine_IP>
diag deb console timestamp enable
diagnose debug flow trace start 9999 <---  this will display 9999 packets for this flow.
diagnose debug enable

 

Reference :

https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/54688/debugging-the-packet-flow

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...

 

Share the output here, or you can convert the file from the first SSH session into the .pcap format.

Once the commands are ready, run the RDP connection. If you are getting too much traffic from these commands before running the RDP connection, then use the following filters to have only RDP traffic on the respective SSH sessions.

 

For the first SSH session use the following commands

diagnose sniffer packet any 'host <destination machine IP address> and port 3389' 4 0 l    <---- 'l' here is the letter L in lower case.

diagnose sniffer packet any 'host <destination machine IP address> and port 3389' 6 0 l    <---- 'l' here is the letter L in lower case.

 

For the second SSH session use the following commands

diagnose debug flow filter addr <dest_machine_IP>
diagnose deb flow filter port 3389
diag deb console timestamp enable
diagnose debug flow trace start 9999 <---  this will display 9999 packets for this flow.
diagnose debug enable

 

Let me know if you need help with this.

Mohit - Fortinet Community Team
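The pcap conversion and the "is anything coming back" check that the reply above works toward, as an added example that is not part of this thread and not a Fortinet tool: the Python below parses the text that `diagnose sniffer packet any 'host <ip> and port 3389' 6 0 l` prints (a summary line followed by `0x....` hex-dump lines, assumed to be tab-separated from the ASCII column as in a saved PuTTY log), writes it out as a classic pcap that Wireshark opens, and tallies per client/server pair how many SYNs to tcp/3389 were seen against how many SYN-ACKs came back. The sniffer text in `SAMPLE` is constructed to show the format, not captured from the poster's FortiGate; the addresses, the interface names (`port2`, `ssl.root`) and the ports in it are illustrative.

```python
"""Turn FortiOS 'diagnose sniffer packet ... 6 0 l' text into a pcap and tally
tcp/3389 SYNs against SYN-ACKs.  Added example, not a Fortinet tool."""
import re
import struct
import sys
from collections import defaultdict
from datetime import datetime

# Constructed sniffer output, not from the poster's FortiGate: internal host
# 192.0.2.10 sends a SYN to 198.51.100.5 twice with no answer, and a SYN to
# 198.51.100.6 that is answered back in through the SSL VPN tunnel interface.
SAMPLE = """\
2024-03-05 10:15:01.123456 port2 in 192.0.2.10.51000 -> 198.51.100.5.3389: syn 1000
0x0000\t 0015 5d01 0002 0015 5d01 0001 0800 4500\t..]......]....E.
0x0010\t 0028 0001 4000 4006 0000 c000 020a c633\t.(..@.@........3
0x0020\t 6405 c738 0d3d 0000 03e8 0000 0000 5002\td..8.=........P.
0x0030\t 2000 0000 0000\t ......
2024-03-05 10:15:04.125000 port2 in 192.0.2.10.51000 -> 198.51.100.5.3389: syn 1000
0x0000\t 0015 5d01 0002 0015 5d01 0001 0800 4500\t..]......]....E.
0x0010\t 0028 0004 4000 4006 0000 c000 020a c633\t.(..@.@........3
0x0020\t 6405 c738 0d3d 0000 03e8 0000 0000 5002\td..8.=........P.
0x0030\t 2000 0000 0000\t ......
2024-03-05 10:15:09.500000 port2 in 192.0.2.10.51001 -> 198.51.100.6.3389: syn 2000
0x0000\t 0015 5d01 0002 0015 5d01 0001 0800 4500\t..]......]....E.
0x0010\t 0028 0003 4000 4006 0000 c000 020a c633\t.(..@.@........3
0x0020\t 6406 c739 0d3d 0000 07d0 0000 0000 5002\td..9.=........P.
0x0030\t 2000 0000 0000\t ......
2024-03-05 10:15:09.531000 ssl.root in 198.51.100.6.3389 -> 192.0.2.10.51001: syn 3000 ack 2001
0x0000\t 0015 5d01 0001 0015 5d01 0002 0800 4500\t..]......]....E.
0x0010\t 0028 0002 4000 4006 0000 c633 6406 c000\t.(..@.@....3d...
0x0020\t 020a 0d3d c739 0000 0bb8 0000 07d1 5012\t...=.9........P.
0x0030\t 2000 0000 0000\t ......
"""

HDR_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) (\S+) (in|out) (.+)$")
HEX_RE = re.compile(r"^0x[0-9a-f]{4}\s+([0-9a-f]{2,4}(?: [0-9a-f]{2,4})*)")  # stops at the tab before the ASCII column

def parse_sniffer(text):
    """Attach each 0x.... hex-dump line to the summary line that precedes it."""
    packets = []
    for line in text.splitlines():
        h = HDR_RE.match(line)
        if h:
            ts = datetime.strptime(h.group(1), "%Y-%m-%d %H:%M:%S.%f")
            packets.append({"ts": ts, "iface": h.group(2), "dir": h.group(3), "summary": h.group(4), "data": b""})
            continue
        x = HEX_RE.match(line)
        if x and packets:
            packets[-1]["data"] += bytes.fromhex(x.group(1).replace(" ", ""))
    return packets

def to_pcap(packets):
    """Classic pcap, LINKTYPE_ETHERNET (1); the sniffer's 'l' option prints local time."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for p in packets:
        n = len(p["data"])
        out.append(struct.pack("<IIII", int(p["ts"].timestamp()), p["ts"].microsecond, n, n) + p["data"])
    return b"".join(out)

def tcp_fields(frame):
    """(src, sport, dst, dport, flags) for an IPv4/TCP Ethernet frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp = frame[14 + (frame[14] & 0x0F) * 4:]  # skip Ethernet + IP header (IHL words)
    if len(tcp) < 14:
        return None
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    sport, dport = struct.unpack("!HH", tcp[:4])
    return src, sport, dst, dport, tcp[13]

SYN, ACK = 0x02, 0x10

def handshake_tally(packets, port=3389):
    """Per (client, server): SYNs seen toward port vs SYN-ACKs seen coming back.
    With 'any' the same packet can show once on ingress and once on egress,
    so these are observations, not connection attempts."""
    flows = defaultdict(lambda: {"syn": 0, "synack": 0})
    for p in packets:
        f = tcp_fields(p["data"])
        if f is None:
            continue
        src, sport, dst, dport, flags = f
        if dport == port and flags & SYN and not flags & ACK:
            flows[(src, dst)]["syn"] += 1
        elif sport == port and flags & SYN and flags & ACK:
            flows[(dst, src)]["synack"] += 1
    return dict(flows)

def unanswered(flows):
    """Flows where a SYN was seen but no SYN-ACK ever came back."""
    return sorted(k for k, v in flows.items() if v["syn"] and not v["synack"])

if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    pkts = parse_sniffer(text)
    with open("rdp.pcap", "wb") as fh:
        fh.write(to_pcap(pkts))
    tally = handshake_tally(pkts)
    for (client, server), c in sorted(tally.items()):
        print(f"{client} -> {server}:3389  syn={c['syn']} synack={c['synack']}")
    for client, server in unanswered(tally):
        print(f"no SYN-ACK from {server}; check whether its SYN was seen going out on the SSL VPN tunnel interface")
```

Pipe the saved PuTTY log in (`python3 rdp_sniff.py < session.log`) instead of relying on the built-in sample. A flow that shows SYNs but no SYN-ACK, where the summary lines also show the SYN going `out` on the SSL VPN tunnel interface, means the FortiGate forwarded the packet and the far end is where to look next (for example a host firewall on the laptop that only accepts RDP from its local subnet, or a VPN client that does not send the reply back into the tunnel); a SYN seen only `in` on the LAN interface and never `out` points back at the FortiGate's own policy or routing, which the second session's debug flow output will explain.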