Since updating to 6.2.0 I am having problems with was a very stable SSL VPN. The VPN stays connected but client sessions disconnects or freezes. Outlook / Exchange is constantly disconnecting and reconnecting and file shares are experiencing the same type of problem. The interfaces are running clean and packet captures show that the communications between the client and server just stops and eventually times out. On the FortiClient side I have tried v5.4 up to current 6.2 with and without DTLS enabled with no joy. I am aware of the know issue with SSL VPN and RDP #495522 and wondering if it's affecting more than just RDP sessions. Ideas, anyone else experiencing SSL VPN problems with 6.2?
Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Having very similar issues on 6.2.1 since upgrade. Multiple calls with Support have found no resolve.
Outlook/Exchange connectivity is sporadic, if we get a connection at all. Windows share drive disconnects and slowness/disconnects reported on our EMR.
Has any solution been presented to this issue?
We've been having the same issues since upgrading to 6.2.1 this past July. The behavior has been very inconsistent, and difficult to reproduce for troubleshooting. But the issues are the same when the occur. Outlook frequently disconnects, and file shares drop, or run very slowly.
Haven't been able to find any info on this. If anyone out there has heard anything, it would be wonderful.
Hi, we have been implemented Fortigate 3 months ago with 6.2 version. Since two months ago that we are trying to solve this problem, still we have an case in support but we continued with problems. We have been did the folowing: Change MTU size in affected rules to the vpn. we applied "set preserve-session-route" we disabled dtls we tested differents versions of forticlient, 6.0, 6.2 6.2.2 including the forticlient of Windows Store. But nothing solve the problem, the VPN SSL of Fortinet is very unstable, the applications like RDP, SAP, fall frecuently. Regards,
Andres.
This is a problem for one of my customers as well. Just upgraded from 5.6 to 6.2.2 and they are having the same issues described here. Opened a ticket with Fortinet support. I will update if they have any useful information.
Edit: Support verified it is a bug in 6.2.1 and 6.2.2, however they did not acknowledge 6.2.0 to be a problem. I rolled back to 6.2.0 and verified it is a problem on that version as well. Since I know it worked last on 5.6.6, I downgraded and restored to 5.6.6. I was told it was scheduled to be fixed in upcoming 6.2.3 and 6.4.0. Hope this helps the next person who finds this all out the hard way.
Our managed security services provider was in the office today and we were talking about my SSL VPN problems and we figured out how to make it work! Here is the original ssl.root config: config system interface edit "ssl.root" set vdom "root" set ip 169.254.1.1 255.255.255.255 set status down set type tunnel set alias "SSL VPN interface" set fortiheartbeat enable set snmp-index 7 next end We first tried setting the IP to the WAN IP, but it didn't work. We then checked another Fortigate with an older firmware version but that had a working SSL VPN setup. It didn't have any IP or status lines for the ssl.root interface, so we tried unsetting the IP and status, but the fortiheartbeat required an IP, so I had to run the following commands: conf sys int edit ssl.root unset ip unset status unset fortiheartbeat end After that, it worked! Here is what the ssl.root config looked like after: config system interface edit "ssl.root" set vdom "root" set type tunnel set alias "SSL VPN interface" set snmp-index 7 next end I called Fortinet and they said fortiheartbeat is an enterprise feature used for telemetry and network access control, and it was safe to disable it with those commands I ran. Hopefully this helps you, too! :)
Hello kelderek,
During the time of client disconnection of SSL VPN , on the firewall did you see the message as "Lost the connection"
Sorry ZANOOB, I don't remember for sure, but I don't think we got that message. As I remember, it stayed connected but didn't actually route/forward any of the incoming traffic.
Latest 6.2.4 fixed the bug of unstable RDP, but it has another bugs, which make it unusable in production use... Don't upgrade yet.
ZANOOB wrote:Hello kelderek,
During the time of client disconnection of SSL VPN , on the firewall did you see the message as "Lost the connection"
Hi ZANOOB, I got the VPN similar issue with "Lost the connection" message from the VPN log, do you have any suggestion to solve this? thanks
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1690 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.