Not applicable

RDP connection through SSL VPN portal

Hi, I have successfully created an SSL VPN connection to our Fortigate 110C running v4.0,build0303,101214 (MR2 Patch 3). I can connect to everything correctly as specified in the firewall rules, including an RDP session to a server.

What I would like to do is use the portal and the bookmark widget to save and give users direct access to the stored RDP connection. I was able to create the connection but when I try and initiate it the following error is returned after clicking OK on the screen resolution:

"RDP Error" "Connection Exception" "SSL negotiation failed, please check your Fortigate configuration"

What and where do I check? Thanks for any advice.
ddskier
Contributor

Dumb question... Did you create the SSLVPN policies that allow the RDP access to the servers? (e.g. Type SSLVPN)

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D

Not applicable

Yes, the policies are there. I can connect to an RDP session when the VPN connection is initiated using the Windows Remote Desktop program. What I cannot do is connect through the web browser portal window with the bookmarks widget.
rwpatterson
Valued Contributor III

The web widgets use straight through policies. No need for ssl.root. Wanx -> internal. ssl.root is only for tunnel mode. No need even to 'connect' with the web widgets.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Not applicable

Yes, I realize that too. But it will not connect with the widget, connected or not it returns the same error.
jmac
New Contributor

Allowed destinations for the web portal are determined by the destination IP/ranges set in the Allow:SSL-VPN firewall rule. You need to make sure your RDP destination is covered by an assigned range in the rule. If your destinations include multiple interfaces (e.g. from WAN1 to Internal1 and from WAN1 to Internal2), then you need an SSL-VPN rule for each interface pair with appropriate destination IP ranges specified in the rule. Note, this is for the SSL-VPN rule, not ssl.root tunnel rules.
rwpatterson
Valued Contributor III

Your source IP address should be the wildcard (any, or 0.0.0.0)

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Not applicable

jmac: Destinations are all specified in the rules.

rwpatterson: Yes, that is the source range.

Thanks for the replies.
rwpatterson
Valued Contributor III

Crappy code?

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Arkadiusz
New Contributor

Hello. How to configure SSL VPN Connection + RDP Windows. SSL VPN itself works for me in tunnel mode, but with this I cannot help myself.

EDIT: "Yes, the policies are there. I can connect to an RDP session when the VPN connection is initiated using the Windows Remote Desktop program" How did you manage to do it?