Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Autumn 2024 badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiConnect
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDB
- FortiDDoS
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiWAN
- FortiVoice
- FortiWeb
- FortiWebCloud
- Lacework
- RMA Information and Announcements
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- RE: Remote Desktop Connection session is dropping...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 07-22-2005 12:49 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Remote Desktop Connection session is dropping very often
Greetings all,
I have a client that has FG-60 with the latest OS in their head office, and also FG-50 are sitting in their remote sites. The head office and remote sites are connected via private network, however when the remote sites are trying to have RDC into the PCs in the head office over those FGs, they' re experiencing session drop off. It happens like 10 - 20 times during the business hours.
When they take the FG-50 out of the network and runs RDC directly from the PC, it runs smoothly without any problems.
Do you guys aware if there' s a session time out with FG-50 when it' s in idle stage? I was guessing that caused by the faulty power supply that doesn' t give enough power to the FG that gives intermittent connectivity. Apart from that, I really have no idea why this is happening...
Any suggestions guys? Thanks before.
Cheers
Jascha
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
13 REPLIES 13
Not applicable
Created on 07-22-2005 07:35 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No, it has nothing to do with how much power is going into the box.
Your problem is most likely a session timeout. The default on the Fortigate is 300 seconds (5 minutes) which is quite short for an RDP connection. I usually set port 3389 for a timeout for something between 28,800 (8 hours) and 43,200 (12 hours). That way I get no calls on the problem.
Session timeout is a common problem. I have also seen this to be a problem with Outlook connecting to Exchange over a VPN.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Trombone,
Thanks for your reply, however I' m quite new with Fortigate. Could you tell me where can I set the timeout on specific ports? I' m using Firmware 2.50 Build 299.
Thanks again.
Cheers
Not applicable
Created on 07-25-2005 02:34 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found something in the docs that looks like it.
In CLI it seems to be at
config system session_ttl
config port
edit 1494
set timeout 28800
end
end
Since I am new to Fortigate I really don' t know if this is correct. I will try, but you try at your own risk :-)
port 1494 is citrix winframe which is my current problem regarding session hangups.
@ Trombone: Is this the setting you refer to?
Thanks,
Stefan
Not applicable
Created on 07-25-2005 05:15 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I tested the commands listed above. My problem of freezing of the citrix client
persists unfortunately. If this was the setting Trombone meant, it doesn' t help with
my situation. I will do further tests.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Stefan,
Here' s what I got from the knowledge center:
V 2.80
config system session_ttl
set default 300
config port
edit 8787
set timeout 3600
next
end
end
I haven' t checked this up yet, because it' s only available for firmware version 2.80, while I' m using FG-50 (they can only use firmware version 2.50, and I' m using the latest firmware for FG-50 V2.50 build 321). I don' t think the above command list is appropriate to be used for V.2.50.
Anyone knows? Thank you.
Not applicable
Created on 07-26-2005 02:30 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Jascha,
your settings seem pretty similar to mine, only that I don' t set a default. Don' t know
what the " next" is for, though... And I of course use the citrix port, not 8787.
Anyhow the settings didn' t work for me.
I think I found the problem, at least the situation got better now, but still needs further
testing. I changed the Keylife in the IPSEC phase2 Advanced Parameters to 7100 on one
side and 7200 on the other side. The freezes seem to be less frequent now. I am waiting for
a report of times when the freezes happen and will review the logs for keyexchanges
that match the freezes.
I will post the results.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If this helps
I have an IPSEC VPN between a sonicwall and a Fortigate wifi 60
My keylife is set to 172800 on both ipsec keylifes and my remote clients use Citrix.
7200 is only 2 hours - maybe set it to last about 12 hours. a longer keylife between negotiations at least allows it not to kill a connection in the middle of a session.
Also, try lightenng up on on some of the encryption if it seems to have trouble establishing a connection.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi guys,
I' ve tested the command listing myself for fimrware 2.50, and I think it works. I set the timeout up to 3600 seconds and tested the session without any dropouts for an hour or more. The default session timeout is set to 300 seconds, thus if it' s idling for 5 minutes, it will drop the session. I' ve also tested this by using the default, and yes it dropped after 5 - 10 minutes.
For firmware V.2.50 please use this syntax:
Fortigate-50# set system session_ttl port <specify_port> timeout <specify_time> <Enter>
Since I' m not using VPN (e.g. IPSEC or anything else) to connect to the other sites I don' t have any problems connecting to the other sites. As these sites are connected with each other through a special core Tunnel LAN over the DSL infrastructure made by our ISP. The ISP is the one who maintains the private network termination and its security. Thus we simply put the workstation/router/firewall' s public IP address on the same subnet without any VPN connection required.
If it' s just a normal internet connection which requiring VPN service, I think you guys need to have a look at - yes this might be right - increasing the keylife for IPSEC.
Thanks for all your inputs guys.
Cheers
Not applicable
Created on 07-26-2005 11:34 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am relatively new to VPN, so perhaps I am not right here... I always supposed
the phase2 keyexchange should be working transparently without killing sessions?
Is it normal that during keyexchanges no traffic flows (which would be the explanation why the sessions die)?
And what security implications does it have to increase keylife from 30 minutes to 12 hours or so? In my understanding there will be much more traffic to analyse and bruteforce
the keys of. Is there a way to tell how much traffic should be allowed before changing keys for security reasons?
Thanks for all the help!
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- FortiGate does not re-evaluate the routing... 198 Views
- Fortiswitch Onboard via Aruba 519 Views
- Fortigate Wireless Display 172 Views
- is traffic session 269 Views
- What FortiOS Event Logs should i... 1081 Views
Labels
-
FortiGate
8,239 -
FortiClient
1,662 -
5.2
801 -
FortiManager
692 -
5.4
639 -
FortiAnalyzer
525 -
FortiSwitch
443 -
FortiAP
436 -
6.0
416 -
FortiClient EMS
381 -
5.6
362 -
FortiMail
304 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
192 -
SSL-VPN
192 -
FortiNAC
167 -
IPsec
164 -
FortiGuard
131 -
6.4
128 -
SD-WAN
101 -
FortiGateCloud
100 -
FortiSIEM
96 -
FortiCloud Products
95 -
FortiToken
88 -
FortiAuthenticator
77 -
Customer Service
75 -
Wireless Controller
75 -
Firewall policy
67 -
4.0MR3
64 -
FortiProxy
55 -
FortiADC
51 -
Fortivoice
50 -
FortiEDR
50 -
VLAN
46 -
High Availability
44 -
FortiExtender
43 -
ZTNA
43 -
FortiDNS
42 -
FortiSandbox
40 -
DNS
37 -
Routing
36 -
BGP
36 -
FortiGate v5.4
35 -
LDAP
35 -
FortiSwitch v6.4
33 -
SAML
31 -
Interface
31 -
Certificate
31 -
FortiConnect
28 -
Authentication
28 -
SSO
28 -
NAT
28 -
RADIUS
26 -
FortiWAN
25 -
FortiConverter
25 -
FortiLink
25 -
VDOM
24 -
FortiGate v5.2
23 -
Application control
22 -
Virtual IP
22 -
Web profile
21 -
Logging
20 -
Fortigate Cloud
19 -
FortiSwitch v6.2
18 -
FortiPortal
18 -
FortiMonitor
18 -
FortiPAM
18 -
Traffic shaping
17 -
FortiDDoS
15 -
SSL SSH inspection
15 -
FortiGate v5.0
14 -
OSPF
14 -
IP address management - IPAM
13 -
FortiSOAR
12 -
FortiCASB
12 -
SNMP
12 -
SSID
12 -
Admin
12 -
Static route
12 -
WAN optimization
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
Automation
11 -
System settings
11 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiManager v4.0
9 -
FortiWeb v5.0
9 -
FortiAP profile
9 -
FortiBridge
8 -
RMA Information and Announcements
8 -
Port policy
8 -
Proxy policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
Security profile
7 -
Traffic shaping policy
7 -
Fabric connector
7 -
Intrusion prevention
7 -
FortiCache
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
FortiCarrier
5 -
FortiDeceptor
5 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Antivirus profile
5 -
Traffic shaping profile
5 -
Fortinet Engage Partner Program
5 -
3.6
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Email filter profile
4 -
Netflow
4 -
Replacement messages
4 -
Web rating
4 -
FortiDB
3 -
FortiHypervisor
3 -
Explicit proxy
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
API
2 -
FortiNDR
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
Schedule
2 -
SDN connector
2 -
Service
2 -
Zone
2 -
Cloud Management Security
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
TACACS
1 -
Multicast policy
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1590 | |
| 1038 | |
| 749 | |
| 443 | |
| 210 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.