■Customer Environment
・FortiGate 400E
・PC1 (RDP executor)
・PC2 (RDP receiver)
※Both PCs are Windows 10.
※The firmware for the FortiGate 400E is v7.2.5. Also, the FortiClient firmware is v7.0.7.
※SSL-VPN connection is used.
※A policy has been added to allow communication from the internal segment to the VPN terminal segment.
■Inquiry
I want to make an RDP connection from inside the company to a remote access terminal outside the company.
However, when I RDP from an in-house terminal (PC1) to a remote access terminal (PC2), the FortiClient disconnects.
The FortiClient notice states that the tunnel "SSL-VPN connection" has been disconnected because another user has logged in to this computer.
The screen on the PC1 side showed the RDP screen, but remained dark.
I would like to know why FortiClient disconnects when I do RDP.
If anyone knows the cause of this, please let me know.
Hi @kazuki
not quite sure WHERE is the FortiClient and that SSL-VPN.
I guess it is on PC2.
And as PC2 seems to be Windows 10, then it is NOT a terminal server kind of OS, and so one user at a time is expected behavior. Therefore if you logged into PC2 as userA, then initiated RDP from PC1 to PC2, then even if you'd attempt to login as UserA, it is detected as logon and some service might reinit. I think you could be able to either RDP to login screen and use VPN before login feature there. Or re-start SSL VPN after logon. If set properly (split) then it should not affect current network connection used for RDP session and you should not lose RDP session when SSL-VPN re-starts.
If that PC2 is supposed to be some jump-host, I'd strongly recommend to use server class OS and Terminal Server services.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Sorry for the lack of explanation.
I have FortiClient installed on PC2.
There is an SSL-VPN connection between PC2 and FortiGate.
A configuration diagram is shown below.
■configuration diagram
PC2---<SSL-VPN>---FGT---SW---PC1
|
AD server
Created on 09-20-2023 03:17 AM Edited on 09-20-2023 03:19 AM
The following is additional information.
I attempted to establish a Remote Desktop connection from PC1 to PC2, but the screen remains black, and I couldn't establish the Remote Desktop connection.
Additionally, FortiClient on PC2 was disconnected and logged out.
In addition, the VPN users are integrated with Active Directory, and authentication is performed using Active Directory user accounts.
In my own company's environment, I was able to establish a Remote Desktop connection from PC1 to PC2 without any issues.
However, in the customer's environment, I cannot establish a Remote Desktop connection.