fbk
New Contributor

FortiGate SSL VPN DTLS problem / DoS policy udp_flood blocked

Hello,

With the SSL VPN client, when DTLS is enabled, the VPN connection is lost when copying a SAMBA file from the client to the VPN.

With DTLS off, the problem does not occur, but I need it to improve performance.

I was able to reproduce the problem on two devices. Both devices have firmware 6.2.10.

The problem already existed with 6.2.9 firmware.

Devices: FGT 50E and 301E

Thanks!

--

FBK

2 REPLIES
fbk
New Contributor

Hi,

I found the problem!

The DoS Policy will capture DTLS due to UDP flood.

What should you do?

The current threshold udp_flood = 2000

I have attached the picture.

Thanks!

Jirka1
Contributor III

Hello,

I am reopening this issue and wondering if it has been resolved.

We have an activated DTLS tunnel (UDP/443) for SSL VPN and when copying a large amount of data via SMB the client disconnects after a while. DoS Policy (udp_flood) is to blame.
Logically we have this policy deployed on the WAN side of the FGT which also includes the WAN address of the FGT where it listens to SSL.

Is there a way to solve this? I don't consider increasing the sensitivity a good solution.

FortiOS 7.2.6

edit "udp_flood"
    set status enable
    set log enable
    set action block
    set threshold 2000

Thanks

Jirka
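
The following is an added example, not code from any poster in this thread or from Fortinet. It shows why a bulk SMB copy over DTLS runs into the `udp_flood` threshold of 2000 quoted above. It assumes the anomaly counts UDP packets per second toward a single destination IP; the 1300-byte datagram size, the traffic rates and the 203.0.113.x addresses are constructed for illustration.

```python
from collections import defaultdict

UDP_FLOOD_THRESHOLD = 2000   # "set threshold 2000" from the config in the thread
DTLS_PAYLOAD_BYTES = 1300    # assumed average bytes per DTLS datagram (constructed)
VPN_LISTENER = "203.0.113.10"  # constructed WAN address where SSL VPN listens
OTHER_HOST = "203.0.113.20"    # constructed unrelated UDP destination

def dtls_packets(dst_ip, mbit_per_s, seconds, payload=DTLS_PAYLOAD_BYTES):
    """Yield (timestamp, dst_ip) for a constant-rate stream of UDP datagrams."""
    pps = mbit_per_s * 1_000_000 / 8 / payload
    for i in range(int(pps * seconds)):
        yield (i / pps, dst_ip)

def first_trip(packets, threshold=UDP_FLOOD_THRESHOLD):
    """Return (second, dst_ip, count) for the first one-second bucket in which
    UDP packets to one destination exceed the threshold, or None if none does."""
    buckets = defaultdict(int)
    for ts, dst in sorted(packets):
        key = (int(ts), dst)
        buckets[key] += 1
        if buckets[key] > threshold:
            return (key[0], dst, buckets[key])
    return None

def ceiling_mbit(threshold=UDP_FLOOD_THRESHOLD, payload=DTLS_PAYLOAD_BYTES):
    """Highest sustained DTLS throughput that stays at or under the threshold."""
    return threshold * payload * 8 / 1_000_000

def scenario(vpn_mbit, seconds=3):
    """Mix one DTLS tunnel flow with light background UDP and check for a trip."""
    traffic = list(dtls_packets(VPN_LISTENER, vpn_mbit, seconds))
    traffic += list(dtls_packets(OTHER_HOST, 0.5, seconds))
    return first_trip(traffic)

if __name__ == "__main__":
    print("throughput ceiling at threshold 2000:", ceiling_mbit(), "Mbit/s")
    for rate in (15, 50):
        print(f"SMB copy over DTLS at {rate} Mbit/s ->", scenario(rate))
```

With these assumptions the threshold corresponds to roughly 20 Mbit/s of tunnel traffic toward the listener address, so a file copy on a faster link exceeds it within the first second while ordinary interactive use stays under it.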
