Hello,
We have the following problem. We use SSLVPN for remote connection from laptops to internal network. The laptops connect with RDP. This works smoothly.
But now we would like to use the reverse way, so you can access the laptops from the internal network with RDP or other stuff.
After the appropriate firewall rule config we can ping the laptops, but we can't access them with RDP and I don't know why.
I can see the outgoing RDP traffic in the Fortigate FW log but there is no connection established.
Is there anyone who can give me a tip to solve this ?
Thank you
Created on 04-07-2022 12:58 PM
Hi @tk1,
Thank you for using the Community Forum.
As per your query to know why this connection is not established, you can try using the sniffer and packet capture commands/debugs mentioned below. This can give a more detailed insight into this traffic.
Run the debug as mentioned below:
Run 2 putty sessions.
On the first SSH session run the following sniffer command.
#dia sniffer packet any 'host <destination machine IP address>' 4 0 l <---- 'l' here is the letter L in lower case.
#dia sniffer packet any 'host <destination machine IP address>' 6 0 l <---- 'l' here is the letter L in lower case.
Reference :
On the second SSH session run the following debug:
diagnose debug flow filter addr <dest_machine_IP>
diag deb console timestamp enable
diagnose debug flow trace start 9999 <--- this will display 9999 packets for this flow.
diagnose debug enable
Reference : https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/54688/debugging-the-packet-flow
Share the output here or you can convert the file into the .pcap ext for the first SSH session.
Once the commands are ready, run the RDP connection. If you are getting too much traffic for these commands before running the RDP connection, then use the following filters to have only RDP traffic on the respective SSH sessions.
For the first SSH session use the following command
#dia sniffer packet any 'host <destination machine IP address> and port 3389' 4 0 l <---- 'l' here is the letter L in lower case.
#dia sniffer packet any 'host <destination machine IP address> and port 3389' 6 0 l <---- 'l' here is the letter L in lower case.
For the second SSH session use the following command
diagnose debug flow filter addr <dest_machine_IP>
diagnose deb flow filter port 3389
diag deb console timestamp enable
diagnose debug flow trace start 9999 <--- this will display 9999 packets for this flow.
diagnose debug enable
Let me know if you need help with this.
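The reply above suggests converting the first session's sniffer output (verbose level 6, which prints each frame as a hex dump) into a .pcap file; Fortinet's fgt2eth tool does that conversion. The script below is an added example, not part of this thread or of Fortinet's tooling: a minimal parser that turns the verbose-6 text into a libpcap file and, more usefully for the question asked here, counts per interface how many SYNs went towards port 3389 and how many SYN/ACKs came back. The sample capture embedded in it is constructed (addresses, interface names and truncated frames are invented) and assumes the layout "header line, then 0xNNNN hex-word lines with the ASCII column separated by a tab"; timestamps are read as local time, matching the 'l' option used above.

```python
"""Parse FortiGate 'diagnose sniffer packet ... 6' output (assumed layout),
write a libpcap file and summarise the TCP handshake per interface.

If the tunnel interface shows SYNs towards 3389 but no SYN/ACK ever comes back,
the laptop (or a host firewall in front of RDP) is not answering; that is a
different problem from the FortiGate policy not forwarding the traffic.
"""
import re
import struct
import sys
from collections import Counter
from datetime import datetime

# Constructed sample modelled on the verbose-6 layout. Everything in it is
# invented for this example: one header line per packet, followed by
# "0xNNNN <hex words> <tab> <ascii>" lines (frames truncated for brevity).
SAMPLE = """\
interfaces=[any]
filters=[host 10.212.134.200 and port 3389]
2022-04-07 12:58:01.100000 port1 in 10.10.10.5.50000 -> 10.212.134.200.3389: syn 1000
0x0000\t 0050 5689 0001 0050 5689 0002 0800 4500\t.PV....PV.....E.
0x0010\t 0034 0001 4000 4006 0000 0a0a 0a05 0ad4\t.4..@.@.........
0x0020\t 86c8 c350 0d3d 0000 03e8 0000 0000 8002\t...P.=..........
2022-04-07 12:58:01.100100 ssl.root out 10.10.10.5.50000 -> 10.212.134.200.3389: syn 1000
0x0000\t 0000 0000 0000 0000 0000 0000 0800 4500\t..............E.
0x0010\t 0034 0001 4000 3f06 0000 0a0a 0a05 0ad4\t.4..@.?.........
2022-04-07 12:58:04.100000 port1 in 10.10.10.5.50000 -> 10.212.134.200.3389: syn 1000
0x0000\t 0050 5689 0001 0050 5689 0002 0800 4500\t.PV....PV.....E.
"""

# Header line: relative ("2.155250") or absolute local ("2022-04-07 12:58:01.1") timestamp,
# interface, direction, "src.sport -> dst.dport: <tcp flags and numbers>".
HEADER_RE = re.compile(
    r'^(?P<ts>\d+\.\d+|\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) (?P<iface>\S+) '
    r'(?P<dir>in|out) (?P<src>[\d.]+)\.(?P<sport>\d+) -> '
    r'(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<info>.*)$')
HEX_RE = re.compile(r'^0x[0-9a-fA-F]{4}\s+(?P<rest>.*)$')


def _hex_bytes(rest):
    """Decode the hex words of one dump line, ignoring the ASCII column."""
    body = rest.split('\t')[0]           # ASCII column follows a tab, when present
    out = bytearray()
    for tok in body.split():
        if not re.fullmatch(r'[0-9a-fA-F]{2}|[0-9a-fA-F]{4}', tok):
            break                        # reached the ASCII column (no tab separator)
        out += bytes.fromhex(tok)
    return bytes(out)


def _timestamp(ts):
    """Return (seconds, microseconds) for a relative or absolute-local timestamp."""
    if '-' in ts:
        dt = datetime.strptime(ts, '%Y-%m-%d %H:%M:%S.%f')   # naive => local time
        return int(dt.timestamp()), dt.microsecond
    sec, frac = ts.split('.')
    return int(sec), int(frac.ljust(6, '0')[:6])


def parse_sniffer(text):
    """Return a list of packet dicts (header fields plus raw frame bytes)."""
    packets = []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            pkt = m.groupdict()
            pkt['data'] = b''
            packets.append(pkt)
            continue
        m = HEX_RE.match(line)
        if m and packets:
            packets[-1]['data'] += _hex_bytes(m.group('rest'))
    return packets


def pcap_bytes(packets):
    """Serialise packets as a libpcap file (link type 1 = Ethernet, snaplen 65535)."""
    blob = bytearray(struct.pack('<IHHiIII', 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for p in packets:
        if not p['data']:
            continue                     # verbose 4 output has headers only
        sec, usec = _timestamp(p['ts'])
        blob += struct.pack('<IIII', sec, usec, len(p['data']), len(p['data']))
        blob += p['data']
    return bytes(blob)


def handshake_summary(packets, port=3389):
    """Per interface: SYNs sent towards `port` and SYN/ACKs sent back from it."""
    summary = {}
    for p in packets:
        c = summary.setdefault(p['iface'], Counter())
        flags = p['info'].split()        # e.g. ['syn', '1000'] or ['syn', '2', 'ack', '1001']
        is_syn = flags[:1] == ['syn']
        if is_syn and 'ack' not in flags and p['dport'] == str(port):
            c['syn'] += 1
        elif is_syn and 'ack' in flags and p['sport'] == str(port):
            c['syn_ack'] += 1
    return {iface: dict(c) for iface, c in summary.items()}


def diagnose(packets, port=3389):
    """One verdict line per interface that saw the handshake."""
    lines = []
    for iface, c in handshake_summary(packets, port).items():
        if c.get('syn_ack'):
            lines.append(f"{iface}: handshake answered ({c.get('syn', 0)} SYN, {c['syn_ack']} SYN/ACK)")
        elif c.get('syn'):
            lines.append(f"{iface}: {c['syn']} SYN to {port}, no SYN/ACK back")
    return lines


if __name__ == '__main__':
    # Usage: python fgt_sniff.py < sniffer_output.txt > capture.pcap
    pkts = parse_sniffer(sys.stdin.read() if not sys.stdin.isatty() else SAMPLE)
    sys.stdout.buffer.write(pcap_bytes(pkts))
    print('\n'.join(diagnose(pkts)), file=sys.stderr)
```

Run it with the saved output of the first SSH session on stdin; the pcap goes to stdout for Wireshark and the verdict to stderr. With the constructed sample it reports SYNs on both port1 and ssl.root and no SYN/ACK, which is the pattern to expect when the FortiGate forwards the request into the tunnel but the laptop never replies.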