I notice that 6.0.8 is available. Has anyone installed it yet? Any issues discovered?
I see a note that there is a change to the FortiGuard protocol and port number.
I see a message in the Release Notes that says:
FortiOS 6.0.8 is no longer vulnerable to the following CVE Reference:
[ul]CVE-2018-9195[/ul]I am running into some significant issues with RDP since the install. RDP sessions will frequently fail to connect, or will constantly disconnect after a very short period. Happening on multiple clients, both on and off of VPN, where the FortiOS update is the only common denominator.
We've been running 6.0.8 for a couple months now. No issues that weren't in the release notes so far.
@kd007, we use Windows RDP semi-regularly, between vlans, and across our IPsec VPN. Haven't had any failures that I've seen. Have you been able to pull the logs for some of these failures?
We've also been running 6.0.8 on all our FortiGates since December and have moved most of our clients' devices to 6.0.8. There are VPNs and RDP/RDS Gateway clients connected nearly 24/7 and we haven't heard any complaints at all.
The CVE-2018-9195 fix is pretty important. Note that the 6.0.8 upgrade adds HTTPS as a FortiGuard protocol option but doesn't enable it (unless you start fresh with a 6.0.8 factory reset config), so to be protected from the CVE-2018-9195 vulnerability you have to set the FortiGuard protocol to HTTPS after you upgrade to 6.0.8.
Russ
tanr wrote:tanr and Russ, thanks for the reply. Working on this again tonight trying to sort it out and hoping I don't have to get on the phone with support on Monday. What we're seeing is frequent action="timeout" messages in the log. I'm working on setting up packet captures right now to see if that tells me anything.@kd007, we use Windows RDP semi-regularly, between vlans, and across our IPsec VPN. Haven't had any failures that I've seen. Have you been able to pull the logs for some of these failures?
Here is the pattern I've noticed:
[ol]These issues were absolutely not present before the 6.0.8 update - hardware is a FG-500D a/p cluster. We have other hardware on 6.0.6 that I'm not updating until I sort this out.
If you care, here's an example log message that we see:
Jan 18 21:42:53 1.2.3.4 date=2020-01-18 time=21:42:53 devname="FG500D" devid="FGT5HDxxxxxxxxxx" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1579408973 srcip=5.6.7.8 srcport=7276 srcintf="ssl.root" srcintfrole="undefined" dstip=1.2.3.5 dstport=3389 dstintf="SERVER" dstintfrole="lan" poluuid="7ebdf02a-39b0-51ea-a6c4-9b3ea3471f8f" sessionid=77601623 proto=6 action="timeout" user="me" group="SSLVPN" authserver="LDAP" policyid=1000 policytype="policy" service="RDP" dstcountry="Reserved" srccountry="Reserved" trandisp="noop" duration=1 sentbyte=12052 rcvdbyte=8248 sentpkt=52 rcvdpkt=48 fctuid="12345678901234567890abcdefghijkl" unauthuser="me" unauthusersource="forticlient" appcat="unscanned" crscore=5 craction=262144 crlevel="low"
More to come... or if you just want me to be quiet that is fine too
We haven't solved this yet; but interestingly enough a new bug popped up with the recent release of v6.0.9:
Bug ID
Description
582265
RDP sessions terminate (disconnect) unexpectedly.
Our issue happens with any connection and not just VPN but I have a feeling that it is related.
You should open a case with TAC if you haven't done yet. We did that and had two co-op debugging sessions so far with TAC and our customer who is experiencing RDP drops relatively consistently, if not always, via SSL VPN. We just upgraded the SSL VPN server FG1500D to 6.0.8 without checking this thread (too late). The TAC is suspecting our case is the same as the one with the BUG ID. We're now waiting for their outcome after analyzing the log data captured through the tests.
TAC identified our symptom same as the bug report. What TAC explained to us is when authd handles a timeout event related to the host, but unrelated to RDP, it unexpectedly drop sessions with the host, in our case the RDP process.
This customer uses LDAP authentication for SSL VPN and FSSO as well. So the event to authd can be related to either of them. And there is no workaround. And the fix will be implemented with 6.0.10.
Since 6.0.9 just came out last week, I would guess the next version would be out in early March.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.