Hey folks,
Ever since upgrading my 200D to 6.0.5 (now 6.0.9) when using the FC to connect to the SSL VPN, I have constant disconnects with Outlook and RDP sessions. Pings never fail or timeout, but I get disconnected from my RDP sessions every minute or so, making it completely unusable.
I have a ticket open with support, but honestly, they seem to be dragging their feet. Anyone else seen this behavior and figured out a solution? I have 150 users about to be forced to WFH and this is completely unacceptable. The only work-around I've found is using an IPSEC connection, but that's not realistic.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
At least 6.0.9 has a known issue with drops over ssl vpn, which I posted on this forum about a month ago. They (TAC) said it would be fixed in 6.0.10. However, our case might be different because we didn't have the RDP disconnect over SSL VPN (dropped almost everytime a user tried to RDP into a server after SSL VPN came up) problem with 6.0.6.
I spoke to an engineer this morning and they've slipped me a pre-GA copy of 6.0.10 to try out. I'll be installing it tomorrow morning, so I'll report back then as to the results.
Hey Spidler,
Found this thread while searching for a similar issue. We too are sometimes experiencing RDP freeze and disconnections at 5-10 min interval. FC connection is stable, no disconnect, ping is good. Our Fortigate model is 80E on 6.0.7.
This is not always happening. I sometimes experience this behavior when connecting at night. Another user reported having the issue this morning, but this afternoon everything runs smoothly.
I found this KB ( https://kb.fortinet.com/kb/documentLink.do?externalID=FD46182) which describe a similar problem, but It does not apply to our setup.
I will wait for your report on your test result with 6.0.10.
They specifically mention SSLVPN + RDP, but we've noticed it happens with other programs, like Dynamics NAV and our RDS environment (which, I know, is basically RDP).
Luckily after some split-brain DNS implementation, we can point SSLVPN users to the public RemoteApp farm address and thus bypass the SSLVPN for that traffic. NAV still disconnects, but we put it in as a RemoteApp so users can launch that if they need to work remotely.
It's a pretty big bug, imo, made worse by the current WfH push and I'm surprised it hasn't been quickly patched.
That's encouraging news! I don't think I could get us to run pre-release software, but if things take off, it's possible.
Did the session drop issue occur just over SSLVPN? We are in the middle of migrating more services to FortiGate, and currently routing and firewalling between segments is handled by another device. If we switch and still run 6.0.9, is there a chance sessions would be dropped even internally, or have you only seen it hit SSLVPN users?
The drop-outs ONLY occurred when using the Forticlient for an SSL VPN connection. I tried with a quick IPSEC tunnel I built out and that was stable with no disconnects. We use ther 200D to terminate our site-to-site MPLS and IPSEC backup VPN tunnels and haven't had any issues with connectivity. The only problem was the SSLVPN connections.
Hello Spidler,
Is build8661, the pre-GA copy of 6.0.10 that TAC gave you? We are about to deploy a 400E and we are looking for the best option that could give us reliable RDP connectivity over SSL VPN.
Actually, no. I got this build: FGT_200D-v6-build0358-FORTINET
On my 200D it shows as: v6.0.0 build0358 (interim)
Which is, of course, wildly inaccurate in terms of how it displays it's version and build. The 6.0.0 weirded me out a bit, but seeing as how 6.0.9 is build0335, I feel ok with that discrepancy
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1560 | |
1034 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.