Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
PurpleShirt
New Contributor III

Is FortiOS 6.0.8 also affected by random RDP disconnects?

Hi community

 

we have a FortiGate 200D with ~30 SSL VPN Users. We have a problem that we're unable to find the cause of. All connected users are getting disconnected all at once several times during the day. It's not possible for them to work like this.

 

I want to upgrade the firmware of our firewall, to see if the problem can be solved by that. In the known issues of the version 6.0.9 it says that it also has the problem with the random disconnects. I want to avoid those problems and have a stable infrastructure, so I'm tempted to try version 6.0.8. In the known issues section of 6.0.8 there's no mention of RDP Problems.

 

I wanted to ask if those issues are exclusive to 6.0.9 or is version 6.0.8 also affected by them?

 

Thank you.

1 Solution
Philippe_Gagne
Contributor

Hi,

 

I got the same problem with RDP in 6.0.8 and 6.0.9. Issue started in 6.0.8.

 

Fortinet will fix in 6.0.10 or, if you can't wait, you have to call TAC, I got a custom 6.0.9 FortiOS version that fixes this issue. Everything works fine since I upgraded with the custom build.

 

Regards,

 

Philippe

 

View solution in original post

7 REPLIES 7
Philippe_Gagne
Contributor

Hi,

 

I got the same problem with RDP in 6.0.8 and 6.0.9. Issue started in 6.0.8.

 

Fortinet will fix in 6.0.10 or, if you can't wait, you have to call TAC, I got a custom 6.0.9 FortiOS version that fixes this issue. Everything works fine since I upgraded with the custom build.

 

Regards,

 

Philippe

 

PurpleShirt

pgagne@androide.com wrote:

Hi,

 

I got the same problem with RDP in 6.0.8 and 6.0.9. Issue started in 6.0.8.

 

Fortinet will fix in 6.0.10 or, if you can't wait, you have to call TAC, I got a custom 6.0.9 FortiOS version that fixes this issue. Everything works fine since I upgraded with the custom build.

 

Regards,

 

Philippe

 

Hi Philippe

 

thank you for your input. I contacted technical support, and they gave me the special build 6.0.9, where this issue is resolved.

 

I will update this thread once I've upgraded the firmware and tested it a few days.

PurpleShirt

Hi guys,

 

so I wanted to share a little update.

 

We still had mass disconnects, even after installing the latest upgrade.

We had a remote session with a fortinet engineer. He suggested us to try to connect with our second WAN interface, as our config seemed fine. We tried that and it worked like a charm.

We opened a ticket with our primary ISP, and they told us that they see many drops on the router. They're now checking why this happens.

 

Maybe this information can help someone, who's facing similar issues.

Toshi_Esumi
Esteemed Contributor III

Just FYI: I've heard from FTNT SE that the current 6.0.10 target release date is in early June.

ede_pfau
Esteemed Contributor III

hmmm...if you read what Bogdan posted today (same problem, remedy) then it might mitigate your situation a bit.

 

At first I didn't understand how RDP interruptions and missing blackhole routes play together. Now, I think that the RDP problems are caused by some firmware bug (possibly fixed in v6.0.10) but...their effect is more serious if you do not install blackhole routes.

That's because when the session is interrupted (the dialup tunnel is closed) the FGT will send traffic out the WAN interface where the default route points to. Thus, a session is established. When the tunnel comes up again (maybe in a second or so) it cannot reestablish the session because there is already a valid session active for this traffic. Only after a timeout the session can be built up across the tunnel, and the application continues to run. The net effect is that the connection stalls for quite some time.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
mr_vaughn
New Contributor III

Do you have SDWAN enabled or multiple ISP's?

 

 

if so try this. Seems to have worked for us in similar issues with multiple clients and SSl VPN disconnects

https://vata.com/knowledge-base/stop-fortinet-forticlient-disconnects/

 

Baptiste

Hi 

I got an interim update from support( FGT_100D-v6-build8661-FORTINET.out ) .

I was running 6.0.9 on a 100D cluster

Since update last wednesday, no more disconnection on RDP session 

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E

2 FGT 100D + FTK200 3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
Labels
Top Kudoed Authors