Hi,
In my lab I have a 200E on 5.4.4. I'm using ssl deep inspection for 443 traffic. I'm testing with the Fortigate SSL cert added to the trusted root cert authorities store on computer accounts for windows 10. Normal https traffic is working fine tested on IE11.
My issue is when using RDP connections through rd gateway servers. Specifically external Windows Server 2012 rd gateway servers wont connect rdp sessions from windows devices behind the Fortigate in my lab. Interestingly SBS 2011 rd gateway servers connect successfully, actually.
I tried both proxy and flow based modes. Same result. Does anyone have similar issues or know how to resolve?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi!
The answer for this problem its... add your CA from your RDS to trusted Certificates CA to Fortigate.
This resolve my issue a few years ago.
Hi,
I know this is an old thread, but I'm not able to use RDP gateway with deep inspection. I'm not talking about inbound access to a gateway server, my clients are not able to connect to external servers. Since we do need to connect to a lot of these for various reasons I'm not able to enable DPI. We are using the FortiGate CA Certifiicate and it's trusted by the users workstations. Except the rdp gateways it's working pretty good.
The application is detected fine and it's also allowed, but the rdp clients always ends with an error message and no rdp connection.
I haven't been able to find a fix for external RDS servers being blocked by DPI either, but what we do is add the external RDS/RDWeb URLs to the DPI exemption list in the SSL/SSH Inspection profile so that we can keep DPI enabled for all non-RDS traffic.
Russ
NSE7
Thank you for the confirmation that I'm not the only one who faces that issue. The solution though, that's a lot of manual work i had hoped to avoid...
Thank you for sharing!
Has this ever been solved properly instead of adding all RDP Gateway servers to the exemption list?
Thanks in advance,
Marcel
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.