RDP Sessions randomly dropping over IPSEC VPN
We currently have 20 FGT40F branches connecting via VPN IPSEC with the FGT1100E HQ.
Users on the branches connect to a Cluster-RDS via RDP and use the services/servers from the HQ network.
The issue we have is that the RDP sessions are dropping randomly during the day (sometimes just once or twice a day) on any branch and sometimes on random hosts.
Users at HQ who also connect to the Cluster-RDS never had any complaints about connections being dropped, so we assumed that the servers are OK.
We performed several troubleshooting steps to try and solve this issue but the problem persists. We took 2 branches to test configurations and if they worked we'd replicate to all the others. So far we tried:
- set auto-asic-offload disable
- set npu-offload disable
- VPN IPSEC: AES-128 and SHA-1 Lifetime:28800s (on both phases)
- system session-ttl for RDP: 28800s
Any help would be appreciated.
Thanks
Labels: FortiGate
Hi @luis-estanga,
Do you have any security profiles enabled in firewall policies? If yes, you can try disabling them to see if it helps. You can also check the logs at the time of disconnection to see if you can find any drops. It will be useful to collect debug flow and packet captures when the issue occurs:
Regards,
Hello @hbac
We have no security services (AV, IPS, SSL, Webfilter, Appcontrol) running on the policies on both sides.
We cannot perform a packet capture because there are so many hosts between all branches and also because it occurs at random times of the day.
Sometimes on the traffic logs we get a server-rst when the user complains but not always. We checked on the server side and we get no error around the time of the drop.
Thanks
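One way to narrow this down without a packet capture, as an added example that is not part of the original thread: tally abnormal RDP session endings from exported forward-traffic logs by action, client, server and hour. The log lines are constructed samples in FortiGate key=value style, and the field names (srcip, dstip, dstport, action, time) are assumed to match your export.

```python
import re
from collections import Counter

# Constructed sample lines in FortiGate key=value traffic-log style (not from the thread).
SAMPLE_LOG = '''\
date=2024-05-06 time=09:12:41 type="traffic" subtype="forward" srcip=10.20.1.15 dstip=10.0.0.50 dstport=3389 action="server-rst" duration=5412 policyid=12
date=2024-05-06 time=09:40:03 type="traffic" subtype="forward" srcip=10.20.2.22 dstip=10.0.0.50 dstport=3389 action="close" duration=1800 policyid=12
date=2024-05-06 time=11:05:19 type="traffic" subtype="forward" srcip=10.20.1.15 dstip=10.0.0.51 dstport=3389 action="timeout" duration=28800 policyid=12
date=2024-05-06 time=11:30:00 type="traffic" subtype="forward" srcip=10.20.3.9 dstip=10.0.0.80 dstport=443 action="server-rst" duration=12 policyid=7
date=2024-05-06 time=14:22:57 type="traffic" subtype="forward" srcip=10.20.2.22 dstip=10.0.0.50 dstport=3389 action="client-rst" duration=960 policyid=12
'''

# key=value pairs; values are either quoted strings or bare tokens.
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Session endings other than a normal close.
ABNORMAL = {"server-rst", "client-rst", "timeout"}


def parse_line(line):
    """Turn one key=value log line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}


def rdp_drops(log_text, port="3389"):
    """Return records for sessions to the RDP port that ended abnormally."""
    events = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("dstport") == port and rec.get("action") in ABNORMAL:
            events.append(rec)
    return events


def summarize(events):
    """Count abnormal endings per action, client, server and hour of day."""
    return {
        "action": Counter(e["action"] for e in events),
        "client": Counter(e["srcip"] for e in events),
        "server": Counter(e["dstip"] for e in events),
        "hour": Counter(e["time"][:2] for e in events),
    }


if __name__ == "__main__":
    for field, counts in summarize(rdp_drops(SAMPLE_LOG)).items():
        print(field, dict(counts))
```

Endings that cluster on one server, one branch subnet or one hour of the day show where a targeted capture or debug flow filter is worth setting up.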
Hi,
We encounter the same issue between 101f and 601f firewalls in version 7.2.8.
We have also tried to disable the NPU and remove the UTM without success.
What is the version of your Firewall?
Regards,
Hi,
For information, we have rolled back to our previous version, 7.2.7, and the issue seems to be fixed.
Regards,
Hello @luis-estanga,
Can you try to increase the default session timeout value? You can refer to this document for that
