Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
MarcusI
New Contributor

VPN , Outlook, exchange

Hello everyone: Let's see if you can help me, I have several computers using the Forticlient to access the company's VPN, the connection is established correctly, but as soon as you try to download the messages from Microsoft Outlook through Exchange it does so for a few minutes, then the Outlook itself puts me, after retrying it, disconnected, and does not let me work with the Outlook ... any ideas ??

 

The connection is simple, mail server (VM) -switch-fortigate-(ISP)Internet Thank you in advance.

10 REPLIES 10
seadave
Contributor III

Did you figure this out?  We just migrated to 6.0.7 and we are seeing a similar problem.  See this post:

 

https://forum.fortinet.com/tm.aspx?m=183163

 

ede_pfau
Esteemed Contributor III

SSLVPN or IPSec?

There've been problems with SSL VPN in FOS v6.0.7. Upgrade to v6.0.9 to see if it helps.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
seadave

It is SSLVPN.  We have held off of 6.0.9 due to the RDP bug in SSLVPN.  We were on 6.0.5 and experienced a logging delay issue.  Logs were getting dropped or buffered for an excessive amount of time.  Moving to 6.0.7 fixed that, but now we have this issue.  Frustrating.  You think they would QC something as critical as SSLVPN more rigorously.  Release notes don't mention this type of issue so maybe we are the lucky winners of the unique bug.

 

It is odd.  Everything else works fine, it just seems to be munging Outlook 16 connectivity to our on-Prem Exchange 2016 server.  All DNS and layer 3/Pings check out just fine.  Can still log into OWA just fine.  But the minute I connect via FortiClient VPN it starts logging connectivity issues when Outlook tries to sync.

isamt

I have upgraded to 6.0.9 and seeing this issue with Outlook client discconects for SSL vpn users.

IPsec Vpn works ok.

 

Have raised with Fortinet

isamt

Interesting that some users have been issued with a special firmware to fix this issue.

https://forum.fortinet.com/tm.aspx?m=183163

 

I have a TAC case open with Fortinet.

They recognise there is an issue with RDP sessions being removed from the Fortigate whilst the RDP session is still active but have said they are not aware of Outlook connections dropping also when on SSL Vpn.

 

They want me to run debug when client is connected and provide them with the times when Outlook disconnects.

 

We upgraded from 5.6.10 to 6.0.9 and have 100's of SSL Vpn users.

Had no choice but to roll back our Vpn gateway Fortigates as many complaints from users.

 

Hopefully, this is fixed in 6.0.10 or at least they give me the special fixed firmware.

seadave
Contributor III

Just tell them you want to try build 8661 and see if that works, or perhaps better yet wait a few more weeks for 6.0.10 and monitor these forums to see if that helps.  I remember when we moved from 5.6 to 6 it took lots of conversion work with some of our policies.

 

Based on:https://support.fortinet.com/Download/FirmwareImages.aspx (Upgrade Path)

 

If you didn't, you should install 6.0.8 then 6.0.9

 

I would use the diag debug flow commands I related in my post and look for the "dstintf="unknown-0" msg="no session matched"" events.  That should indicate the problem exists.

isamt

I explained to Fortinet that others with exactly the same problem have been given an interim firmware which appears to resolve the problem.

 

They said they will give me the same interim firmware to try and to let them know if this fixes my issue, however it comes with the caveat that you cannot roll-back the firmware and with no guarantees that it may introduce other issues.

If you have hardware that stores previous firmware on alternative partition, you can roll back by booting to the alternative partition, otherwise you have to format and TFTP previous firmware back to the Fortigate.

 

As this is a production Fortigate i'm not so keen now to apply an interim firmware which Fortigate probably will not offer full support on.

 

Might be better to wait for 6.0.10

 

erik1282
New Contributor

For us this old post is still an issue.

 

Running FortiClient 6.4.2.1580 and our users can create a VPN connection. Which seems to stay stable.

VPN stays connected, Networkshares stay connected and accessible, Outlook is working.

But after several minutes Outlook is disconnected. All other connections are still working and accessible (networkshares for example). Closing Outlook and reopening does not solve it. Let Outlook reconnect does not solve the issue.

 

Our FortiGate is running firmware 6.4.6. (Firmware 6.4.7 is available not yet installed).

 

Is there a solution for this issue?

 

I have some kind of a solution, that is connect to the client by teamviewer and give the client a ipconfig /flushdns

Close Outlook, reopen Outlook and it works again.

 

isamt

Are you using Exchange on-line or On-prem Servers?

 

We had a similar problem with FortiOS 6.0.9 that was fixed in FortiOS 6.0.10

I'm running 6.4.5 at the moment. We are moving users to Exchange online but vpn users not migrated do not have any issues connecting to Outlook.

 

We will be looking to upgrade to 6.4.7 or 7.0.1 soon so would be good to know if you upgrade whether your issue is fixed. 

Labels
Top Kudoed Authors