MD1
New Contributor

Fortigate hit RDP connections!

Hi

I am trying to access a server from a different place via RDP on FortiGate, but the connection is hit by the FW!

I created a policy and allowed all services!

I checked the logs and found the action is: TCP reset from client!

 

Any suggestions?

 

Thank you 

knaveenkumar
Staff

There are frequent use cases where a TCP session created on the firewall has a smaller session TTL than the client PC initiating the TCP session or the target device.


The underlying issue is that when the TCP session expires on the FortiGate, the client PC is not aware of it and might try to reuse the previously existing session, which is still alive on its side.

For a solution, please refer to this article:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-the-FortiGate-to-send-TCP-RST-pa....

MD1

Same issue!

sjoshi
Staff

Dear MD1,

 

Thank you for posting to the Fortinet Community Forum.

 

Problem Description:-
RDP connections issue

 

Can you please describe your network topology with IP scheme?
Also, can you share the policy details with me:
conf firewall policy
edit <policy id>
sh full

 

Also, please take a sniffer capture at the time of the issue.
diag sniff packet any 'host <rdp srv ip> and tcp port 3389' 6 0 l

 

Let us know if this helps.

Thanks

Salon Raj Joshi
ayeddes
New Contributor

3.378281 192.168.100.81.59744 -> 20.111.35.68.3389: syn 3287819881
3.378370 192.168.168.2.59744 -> 20.111.35.68.3389: syn 3287819881
3.453500 20.111.35.68.3389 -> 192.168.168.2.59744: syn 3625348047 ack 3287819882
3.453542 20.111.35.68.3389 -> 192.168.100.81.59744: syn 3625348047 ack 3287819882
3.456563 192.168.100.81.59744 -> 20.111.35.68.3389: ack 3625348048
3.456595 192.168.168.2.59744 -> 20.111.35.68.3389: ack 3625348048
3.773236 192.168.100.81.59744 -> 20.111.35.68.3389: psh 3287819882 ack 3625348048
3.773273 192.168.168.2.59744 -> 20.111.35.68.3389: psh 3287819882 ack 3625348048
22.715528 192.168.100.81.59744 -> 20.111.35.68.3389: rst 3287819928 ack 3625348048
22.715550 192.168.168.2.59744 -> 20.111.35.68.3389: rst 3287819928 ack 3625348048
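
An added example, not written by anyone in this thread: a small Python parser for the sniffer summary lines posted above that reports which side sent the RST, whether the server sent anything after the SYN/ACK, and how long the flow was idle before the reset. The function names and the use of port 3389 to identify the server side are assumptions of this example.

```python
import re

# Summary lines copied from the sniffer capture posted in this thread.
TRACE = """\
3.378281 192.168.100.81.59744 -> 20.111.35.68.3389: syn 3287819881
3.378370 192.168.168.2.59744 -> 20.111.35.68.3389: syn 3287819881
3.453500 20.111.35.68.3389 -> 192.168.168.2.59744: syn 3625348047 ack 3287819882
3.453542 20.111.35.68.3389 -> 192.168.100.81.59744: syn 3625348047 ack 3287819882
3.456563 192.168.100.81.59744 -> 20.111.35.68.3389: ack 3625348048
3.456595 192.168.168.2.59744 -> 20.111.35.68.3389: ack 3625348048
3.773236 192.168.100.81.59744 -> 20.111.35.68.3389: psh 3287819882 ack 3625348048
3.773273 192.168.168.2.59744 -> 20.111.35.68.3389: psh 3287819882 ack 3625348048
22.715528 192.168.100.81.59744 -> 20.111.35.68.3389: rst 3287819928 ack 3625348048
22.715550 192.168.168.2.59744 -> 20.111.35.68.3389: rst 3287819928 ack 3625348048
"""

LINE = re.compile(r"^(\d+\.\d+) (\S+)\.(\d+) -> (\S+)\.(\d+): (.+)$", re.M)

def parse(trace):
    """Yield (time, src_port, dst_port, flags, seq) for each summary line."""
    for ts, _sip, sport, _dip, dport, info in LINE.findall(trace):
        tok = info.split()
        flags = {t for t in tok if t.isalpha()}
        # A bare "ack N" line carries only an acknowledgement number, no seq.
        seq = int(tok[1]) if tok[0] != "ack" else None
        yield float(ts), int(sport), int(dport), flags, seq

def summarize(trace, server_port=3389):
    """Describe the flow; server_port (an assumption) marks the server side."""
    pkts = list(parse(trace))
    from_server = [p for p in pkts if p[1] == server_port]
    from_client = [p for p in pkts if p[2] == server_port]
    syn = next((p for p in from_client if "syn" in p[3]), None)
    rst = next((p for p in pkts if "rst" in p[3]), None)
    out = {
        "handshake_complete": syn is not None
            and any({"syn", "ack"} <= p[3] for p in from_server)
            and any(p[3] == {"ack"} for p in from_client),
        "server_packets_after_synack": sum("syn" not in p[3] for p in from_server),
        "rst_sender": None, "client_bytes_sent": None, "idle_seconds_before_rst": None,
    }
    if rst:
        out["rst_sender"] = "server" if rst[1] == server_port else "client"
        last = max((p[0] for p in pkts if p[0] < rst[0]), default=rst[0])
        out["idle_seconds_before_rst"] = round(rst[0] - last, 3)
        if syn and out["rst_sender"] == "client":
            # RST seq minus the first data byte's seq = payload bytes sent (mod 2^32).
            out["client_bytes_sent"] = (rst[4] - syn[4] - 1) % 2**32
    return out
```

On the capture above, `summarize(TRACE)` reports a completed handshake, 46 client bytes sent, no server packets after the SYN/ACK, and a client-side RST about 18.9 seconds after the last packet.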
