FortiGate SSL VPN DTLS problem / DoS policy udp_flood blocked
Hello,
With the SSL VPN client, when DTLS is enabled, the VPN connection is lost when copying a SAMBA file from the client to the VPN.
With DTLS off, the problem does not occur, but I need it to improve performance.
I was able to reproduce the problem on two devices. Both devices have firmware 6.2.10.
The problem already existed with 6.2.9 firmware.
Devices: FGT 50E and 301E
Thanks!
--
FBK
Hi,
I found the problem!
The DoS Policy will capture DTLS due to UDP flood.
What should you do?
The current threshold udp_flood = 2000
I have attached the picture.
Thanks!
Hello,
I am reopening this issue and wondering if it has been resolved.
We have an activated DTLS tunnel (UDP/443) for SSL VPN and when copying a large amount of data via SMB the client disconnects after a while. DoS Policy (udp_flood) is to blame.
Logically we have this policy deployed on the WAN side of the FGT which also includes the WAN address of the FGT where it listens to SSL.
Is there a way to solve this? I don't consider increasing the sensitivity a good solution.
FortiOS 7.2.6
edit "udp_flood"
set status enable
set log enable
set action block
set threshold 2000
Thanks
Jirka
Hello,
Is there any solution for this issue?
Thanks, Jirka
