Hi,
I've configured a ZTNA Server + Rule + Destination for RDP Session to a certain server.
Therefore I configured a PROXY Port which is then TCP Forwarding to Port 3389.
Anyhow no RDP connection can be established.
Any ideas?
KR
Chris
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
I recommend you create a FortiCare ticket to us.
Attach your endpoint XML file and FGT config file to the ticket.
ETAC team should be able to assist you once we get the details.
Here are a few things you can try to troubleshoot the issue:
1. Verify that your ZTNA server is up and running. You can do this by checking the server logs or by pinging the server.
2. Check that your firewall is not blocking the connection. Make sure that the required ports (including port 3389 for RDP) are open and accessible.
3. Verify that the TCP forwarding is configured correctly. Double-check that the proxy port is correctly forwarding to port 3389.
4. Check that the RDP server is configured correctly. Ensure that the RDP settings on the destination server are configured to allow remote connections.
I hope these suggestions help. Let me know if you have any further questions or if there's anything else I can assist you with.
Hi Chris,
Example of your setup: https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/101256/ztna-tcp-forwarding-a...
Generally it should be some misconfiguration somewhere.
You can find the clues in FGT > Logs > ZTNA traffic.
Or run below debug command while attempting to RDP via ZTNA:
~~~Attempt to RDP~~~
diag debug disable
diag debug reset
Thank you,
to be honest in the ZTNA Log on the FGT I checked already last time.
Nothing is written there.
With the Debug commands via CLI I don't get any Info I know what it's talking about.
There is something written about redirect on Port 9443
[V]2023-06-19 10:56:58.410711 [p:260] wad_dispatcher_send_fd_to_worker :1351 redirect 61 accepted yy.yyy.yyy.yyy:30204 -> xx.xxx.xxx.xxx:9443 on 61, forw
arding to worker(0x7fa06c5048)
[I]2023-06-19 10:56:58.410734 [p:260] wad_ipc_srv_send_msg :1180 send conn=0x7fa06c5048 msg=0x7fa06a6048
[I]2023-06-19 10:56:58.410744 [p:260] wad_unix_stream_sendmsg :246 WAD unix stream stream 0x7fa06c5048 msg=0x7fa06a6048 n_fd=1.
[I]2023-06-19 10:56:58.410786 [p:261] wad_unix_stream_on_read_msg :488 recvmsg
[I]2023-06-19 10:56:58.410826 [p:261] wad_unix_stream_on_read_msg :488 recvmsg
[I]2023-06-19 10:56:58.410840 [p:261] wad_tcp_port_alloc :1454 alloc tcp_port=0x7faa579c08
[I]2023-06-19 10:56:58.411036 [p:261] wad_unix_stream_flush_data :595 WAD unix stream stream 0x7fabd90048 write (1,4)
[261] write [(1,4) (04 00 00 00 )(....)]
[I]2023-06-19 10:56:58.411122 [p:261] wad_unix_stream_flush_data :595 WAD unix stream stream 0x7fabd90138 write (1,32)
[261] write [(1,32) (00 01 00 00 02 00 00 00 59 90 cf bf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 )(........Y.......................)]
[V]2023-06-19 10:56:58.411805 [p:260] wad_unix_stream_on_read_data :426 WAD unix stream socket 48 read (0,4080)
[260] read [(0,4) (04 00 00 00 )(....)]
[V]2023-06-19 10:56:58.411845 [p:260] wad_unix_stream_on_read_data :426 WAD unix stream socket 49 read (0,4080)
[260] read [(0,32) (00 01 00 00 02 00 00 00 59 90 cf bf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 )(........Y.......................)]
[I]2023-06-19 10:56:58.418018 [p:261] wad_tcp_port_put :627 free tcp_port=0x7faa579c08
[I]2023-06-19 10:56:58.418043 [p:261] wad_unix_stream_flush_data :595 WAD unix stream stream 0x7fabd90138 write (1,32)
[261] write [(1,32) (00 00 00 00 02 00 00 00 59 90 cf bf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 )(........Y.......................)]
[V]2023-06-19 10:56:58.418155 [p:260] wad_unix_stream_on_read_data :426 WAD unix stream socket 49 read (0,4080)
[260] read [(0,32) (00 00 00 00 02 00 00 00 59 90 cf bf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 )(........Y.......................)]
[I]2023-06-19 10:56:58.728193 [p:263][s:5354102] wad_tcp_port_on_event :1875 start processing tcp event=0x1 events=0x1 fd=54 n_out_block=0 state=2 clos
e/shut=0/0 n_out_block=0
Hello,
I recommend you create a FortiCare ticket to us.
Attach your endpoint XML file and FGT config file to the ticket.
ETAC team should be able to assist you once we get the details.
I will update my ticket I allready openend a few weeks ago with the information you asked me to send.
To be honest at the moment I don't feel supported very well on ZTNA.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1517 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.