I try to access a server from a different place via RDP on FortiGate, but the connection gets hit by the FW!
I created a policy and allowed all services!
And I checked the logs and found the action is: TCP reset from client!
There are frequent use cases where a TCP session created on the firewall has a smaller session TTL than on the client PC initiating the TCP session or on the target device.
The underlying issue is that when the TCP session expires on the FortiGate, the client PC is not aware of it and might try to reuse the previously existing session, which is still alive on its side.
For the solution, please refer to this article:
Thank you for posting to the Fortinet Community Forum.
Problem Description: RDP connection issue
Can you please describe your NW topology with the IP scheme. Also, can you share the policy details:
conf firewall policy
edit <policy id>
sh full
Also, please take a sniffer trace during the time of the issue:
diag sniff packet any 'host <rdp srv ip> and tcp port 3389' 6 0 l
Let us know if this helps.
3.378281 192.168.100.81.59744 -> 184.108.40.206.3389: syn 3287819881
3.378370 192.168.168.2.59744 -> 220.127.116.11.3389: syn 3287819881
3.453500 18.104.22.168.3389 -> 192.168.168.2.59744: syn 3625348047 ack 3287819882
3.453542 22.214.171.124.3389 -> 192.168.100.81.59744: syn 3625348047 ack 3287819882
3.456563 192.168.100.81.59744 -> 126.96.36.199.3389: ack 3625348048
3.456595 192.168.168.2.59744 -> 188.8.131.52.3389: ack 3625348048
3.773236 192.168.100.81.59744 -> 184.108.40.206.3389: psh 3287819882 ack 3625348048
3.773273 192.168.168.2.59744 -> 220.127.116.11.3389: psh 3287819882 ack 3625348048
22.715528 192.168.100.81.59744 -> 18.104.22.168.3389: rst 3287819928 ack 3625348048
22.715550 192.168.168.2.59744 -> 22.214.171.124.3389: rst 3287819928 ack 3625348048
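To turn a sniffer trace like the one above into the facts that matter for the "TCP reset from client" log action and for the session-TTL explanation given earlier in the thread, the following added Python script (not from the thread or from Fortinet) parses the verbose-level-6 `diag sniff packet` line format, groups packets per TCP flow, and reports whether the handshake completed, which side sent data, which side sent the reset, and how long the flow sat idle before that reset compared with a session TTL you supply. The sample capture embedded in it is constructed (documentation IP 203.0.113.10 as the RDP server) and reproduces the shape of the original trace: handshake, one client data segment, no server reply, client RST about 19 seconds later. The `session_ttl` value is an assumption you take from your own FortiGate configuration.

```python
import re
from typing import Optional

# Constructed sample in the layout of FortiGate 'diag sniff packet <intf> <filter> 6' output:
# "<timestamp> <src ip>.<port> -> <dst ip>.<port>: <flag> <seq> [ack <num>]"
SAMPLE = """\
3.378281 192.168.100.81.59744 -> 203.0.113.10.3389: syn 3287819881
3.453542 203.0.113.10.3389 -> 192.168.100.81.59744: syn 3625348047 ack 3287819882
3.456563 192.168.100.81.59744 -> 203.0.113.10.3389: ack 3625348048
3.773236 192.168.100.81.59744 -> 203.0.113.10.3389: psh 3287819882 ack 3625348048
22.715528 192.168.100.81.59744 -> 203.0.113.10.3389: rst 3287819928 ack 3625348048
"""

# Greedy \S+ followed by backtracking splits "ip.port" at the last dot.
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<src>\S+)\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\S+)\.(?P<dport>\d+):\s+(?P<flag>\w+)\s+(?P<seq>\d+)"
    r"(?:\s+ack\s+(?P<ack>\d+))?"
)


def parse(text):
    """Return a list of packet dicts; banner lines (interfaces=, filters=) are skipped."""
    pkts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ack: Optional[int] = int(m["ack"]) if m["ack"] else None
        pkts.append({
            "ts": float(m["ts"]),
            "src": (m["src"], int(m["sport"])),
            "dst": (m["dst"], int(m["dport"])),
            "flag": m["flag"],          # first flag word as printed: syn, ack, psh, fin, rst
            "seq": int(m["seq"]),
            "ack": ack,
        })
    return pkts


def analyze(text, session_ttl):
    """Group packets per flow (unordered endpoint pair) and summarise how each flow ended.

    session_ttl: the firewall's TCP session timeout in seconds (assumed to be taken
    from the FortiGate configuration; used only to compare against the idle gap).
    """
    flows = {}
    for p in parse(text):
        key = tuple(sorted([p["src"], p["dst"]]))
        f = flows.setdefault(key, {
            "client": None, "synack": False, "client_data": False,
            "server_data": False, "rst_from": None, "idle_before_rst": None,
            "last_ts": None,
        })
        if p["flag"] == "syn" and p["ack"] is None:
            f["client"] = p["src"]              # whoever sends the bare SYN is the client
        elif p["flag"] == "syn":
            f["synack"] = True                   # "syn ... ack ..." is the server's SYN/ACK
        elif p["flag"] == "psh":
            if p["src"] == f["client"]:
                f["client_data"] = True
            else:
                f["server_data"] = True
        elif p["flag"] == "rst":
            f["rst_from"] = "client" if p["src"] == f["client"] else "server"
            if f["last_ts"] is not None:
                f["idle_before_rst"] = round(p["ts"] - f["last_ts"], 6)
        if p["flag"] != "rst":
            f["last_ts"] = p["ts"]
    for f in flows.values():
        f["idle_exceeds_ttl"] = (f["idle_before_rst"] is not None
                                 and f["idle_before_rst"] > session_ttl)
        del f["last_ts"]
    return flows


def observations(f):
    """Plain-language findings for one flow summary, in the order a reviewer checks them."""
    notes = []
    if not f["synack"]:
        notes.append("no SYN/ACK from the server seen in the capture")
    if f["client_data"] and not f["server_data"]:
        notes.append("client sent data but no server data was seen")
    if f["rst_from"]:
        notes.append(f"reset sent by the {f['rst_from']}")
    if f["idle_before_rst"] is not None:
        notes.append(f"flow idle for {f['idle_before_rst']:.3f}s before the reset")
    if f["idle_exceeds_ttl"]:
        notes.append("idle gap exceeds the configured session TTL: "
                     "the firewall session may have expired while the client still held it")
    return notes


if __name__ == "__main__":
    for key, flow in analyze(SAMPLE, session_ttl=3600).items():
        print(key)
        for note in observations(flow):
            print("  -", note)
```

Run it against a real `diag sniff ... 6` capture by pasting the packet lines in place of `SAMPLE`; a capture taken on interface `any` shows each packet twice when NAT applies (once per address), so expect one flow per address pair. The parser only keys on the first flag word printed, which is how the sniffer labels the segments in the trace above.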