owall
New Contributor

RDP connection via ssl vpn

Hello,

I'm encountering an issue with establishing a Remote Desktop Protocol (RDP) connection to my PC while connected remotely via SSL VPN through my firewall. I've provided a diagram illustrating my home network setup for reference.

Despite successfully connecting to my firewall through SSL VPN, I'm unable to ping or establish an RDP connection with my PC thereafter. I've attempted various troubleshooting steps but haven't been able to resolve the issue.

Could someone kindly provide suggestions or guidance on how to troubleshoot and resolve this connectivity issue?

Thank you in advance for your assistance.

ValiriyJ
New Contributor

I know this

maulishshah
Staff

Hi @owall,

Could you kindly confirm whether you are connecting with FortiClient or using the SSL Web mode?

If you are connecting with FortiClient, please enable the commands below on the FortiGate CLI before establishing the RDP connection:

di de reset

di de flow filter clear

di de flow filter add x.x.x.x               (x is the destination or IP address of RDP server)

di de flow filter dport xx                    (RDP server connection port by default 3389)

di de console timestamp en

di de flow trace start 9999

di de en

Then try to access the RDP server from the SSLVPN test machine, and once you get the error message, please stop debugging with:

di de di

If you connect through the SSLVPN Web, please follow the troubleshooting steps below.

di de reset

di de application sslvpnd -1

di de application fnbamd -1

di de en

Please try to access RDP and provide us the logs for further analysis.

Thank you. 

Maulish Shah
hbac
Staff

Hi @owall

I don't see any diagrams. First, you need to verify your routing table by running 'route print' on the SSLVPN client computer and make sure you have a route to your remote PC while connected to the VPN.

If the route is there, you will need to run debug flow on the FortiGate to see if traffic is being dropped or not. Please refer to this article: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...

Regards, 

sahmed_FTNT
Staff
dbu
Staff

Hi @owall ,
First, make sure you can reach the server you want to reach. If you establish connectivity, then try with RDP. Check that these services are allowed on the firewall and that routing is in place.
If it still fails, then run the debugs requested by @maulishshah.

Regards!
KumarV
Staff

Hello,

You can run the command

#di sniffer packet any "host x.x.x.x and port 3389" 4 0 l

where x.x.x.x is the destination server.

If you see the packet leaving the FortiGate LAN interface (where your destination is connected), then it is not a FortiGate issue and most probably it is an issue with your internal network or with the destination server.

But if you see the incoming packets to the FortiGate but not leaving the LAN interface, then there is some issue with the firewall policy.

And if you don't see anything coming to the FortiGate, then it is most probably an issue with the SSL VPN config and routes not being pushed to the client machine.

Regards

Verender Kumar
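
The three-way reading of the sniffer capture described in the reply above, as an added example that is not part of the original thread. It assumes the usual verbosity-4 line layout (timestamp, interface, direction, source, destination), a LAN interface named "internal", and the tunnel interface ssl.root; the capture text is constructed sample data.

```python
import re

# Verbosity-4 sniffer line (layout assumed from typical FortiOS output):
#   "<timestamp> <iface> <in|out> <src>.<sport> -> <dst>.<dport>: <flags>"
# The timestamp is one token (relative) or two (date + time with the "l" option).
LINE_RE = re.compile(
    r"^(?:\S+ )?\S+ (?P<iface>\S+) (?P<dir>in|out) "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) -> (?P<dst>[\d.]+)\.(?P<dport>\d+):"
)

FORWARDED = "left LAN interface: check internal network or destination server"
DROPPED = "arrived but did not leave LAN interface: check firewall policy"
NOT_SEEN = "nothing arrived: check SSL VPN config and routes pushed to client"


def classify(capture, server_ip, lan_iface, port=3389):
    """Apply the three-way reading of the capture to client-to-server packets."""
    arrived = left_lan = False
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dst"] != server_ip or int(m["dport"]) != port:
            continue  # header lines, return traffic, other ports
        if m["dir"] == "in":
            arrived = True
        elif m["iface"] == lan_iface:
            left_lan = True
    if left_lan:
        return FORWARDED
    return DROPPED if arrived else NOT_SEEN


# Constructed sample captures (addresses and interface names are made up).
HEADER = "interfaces=[any]\nfilters=[host 192.168.1.10 and port 3389]\n"
SAMPLE_FORWARDED = HEADER + (
    "2024-03-01 10:15:02.101000 ssl.root in 10.212.134.200.50122 -> 192.168.1.10.3389: syn 1001\n"
    "2024-03-01 10:15:02.101400 internal out 10.212.134.200.50122 -> 192.168.1.10.3389: syn 1001\n"
)
SAMPLE_DROPPED = HEADER + (
    "2024-03-01 10:16:40.220000 ssl.root in 10.212.134.200.50130 -> 192.168.1.10.3389: syn 2002\n"
    "2024-03-01 10:16:43.221000 ssl.root in 10.212.134.200.50130 -> 192.168.1.10.3389: syn 2002\n"
)
SAMPLE_EMPTY = HEADER

if __name__ == "__main__":
    for name, cap in [("A", SAMPLE_FORWARDED), ("B", SAMPLE_DROPPED), ("C", SAMPLE_EMPTY)]:
        print(name, "->", classify(cap, "192.168.1.10", "internal"))
```

Only packets addressed to the server are counted, so return traffic from the server does not mask a one-way drop.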

 
