mrcmobile
New Contributor II

ssl vpn, rdp connection and printer redirection with firmware 5.4.4

Hi, after upgrading firmware to version 5.4.4, we noted the lack of the Java RDP client and RDP native mode. With previous versions, it was possible to use the Microsoft native RDP client. This feature allows us to redirect remote printers to the local PC, and naturally print locally.

With this new version I don't find a way to print to my local printer when connecting to a remote Microsoft server. There are no options to set in the SSL VPN web page login. Any suggestion will be appreciated.

Thank you.

Marco

tof
New Contributor II

Did you find any solution? I have the same issue here. Upgraded to 5.4.5 and still the same.

mrcmobile
New Contributor II

No Tof, no solutions until now.

It seems that nobody uses this feature...

Anyway, in my company it was very useful.

To temporarily bypass the problem, I have installed a PDF printer on the remote desktop of users that need to print.

Then they send the PDF document via mail to their PC, and finally they print it on their physical printer. Absurd! Any other solution will be appreciated.

marco

tof
New Contributor II

Yes we are thinking to work the same way with PDF printers and email or perhaps using a cloud printing solution. 

It is a pity to dispense with such a feature.

Baptiste
Contributor II

Hi all

I was hoping that I would be able to use the SSLVPN web portal instead of FortiClient, but I also need Easy Print to map local printers into RDP sessions and it does not work anymore.

While googling, I found that Juniper offers that (so it's not an HTML5 limit).

=> FTNT would be able to do that

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E
Kenundrum

So the old native rdp function was just scripting out a port forward (in effect). It is possible to replicate the old functionality with a port forward bookmark and some basic user training.

Create a port forward bookmark on the sslvpn portal- set the host to be the RDP server, remote port should be 3389, the listening port can be any port available locally on the client- 33890, 3390, etc.

What happens is the user would click on the port forward bookmark and it launches a java applet that will forward traffic. This also means that java needs to be enabled in the browser of the user, otherwise they will get an error stating the plugin is not available or incompatible.

The user then opens their remote desktop software and connects to localhost:33890 or whatever port you set. They can choose the options in the client such as printer mapping and then even save the profile to create a desktop shortcut or something.

So instead of everything just happening in the VPN portal, they need to do the added step of actually launching the remote desktop client and having it (counter-intuitively) connect to their own computer.

Honestly, one of the reasons I like the new browser integrated RDP client is that you can ensure that the user is not mapping printers or local drives, thereby reducing the risk of data exfiltration. However, I recognize that it was very convenient and made a lot of sense in environments that were less concerned with very strict security policies.

CISSP, NSE4
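
Added example, not part of the original thread: a small Python audit for the trade-off raised in the reply above. It reads a saved .rdp profile and reports whether it targets a local port forward such as localhost:33890 and which local-resource redirections it explicitly enables. The sample profile is constructed; the function names are illustrative.

```python
import ipaddress

# Constructed sample of a saved .rdp profile (not taken from the thread).
SAMPLE = """full address:s:localhost:33890
redirectprinters:i:1
redirectclipboard:i:0
drivestoredirect:s:*
"""

# Integer-typed .rdp settings that switch a redirection on when set to 1.
INT_REDIRECTS = {
    "redirectprinters": "printers",
    "redirectclipboard": "clipboard",
    "redirectcomports": "COM ports",
    "redirectsmartcards": "smart cards",
}

def parse_rdp(text):
    """Parse 'name:type:value' lines of an .rdp profile into a dict."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].lower()] = parts[2]
    return settings

def is_loopback(host):
    """True when the profile points at a forward listening on this machine."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit(text):
    """Report the target and the redirections explicitly enabled in a profile."""
    s = parse_rdp(text)
    addr = s.get("full address", "")
    host, sep, port = addr.rpartition(":")
    if not sep or not port.isdigit():
        host, port = addr, "3389"  # no explicit port: RDP default
    redirects = [label for key, label in INT_REDIRECTS.items() if s.get(key) == "1"]
    drives = s.get("drivestoredirect", "").strip()
    if drives:
        redirects.append(f"drives ({drives})")
    return {"target": host, "port": int(port),
            "via_local_forward": is_loopback(host), "redirects": redirects}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Settings that are absent from a profile are not reported here, so a clean result only means nothing was explicitly switched on in the file.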
ttreat

Yes, the port forward bookmark still works great for using the native RDP client with full functionality. I like it very much. It allows me to open just the RDP port securely without giving an entire open full tunnel to VPN users, but my issue with it is that the port forward option still seems to be using the Java applet which makes it unusable in pretty much every browser except IE. Any word on if/when this will be moved over to HTML5 too? 

leonardo_ortiz

Hi.

Any update about this? Still have this limitation using FortiOS 5.6 and many other limitations with HTML5 RDP.

Guacamole is used by FortiGate to provide HTML5 RDP; the original project doesn't have this limitation. File transfer and redirections work fine, why can't FortiGate do that? Port Forward uses Java and has a lot of problems...

We pay a lot for a product that has more limitations than an open source solution, that's boring.

Baptiste

Hi all

Any news on this feature request?

Joe
New Contributor

Hello there....

I would like to have an answer from Fortinet about this feature.

Before version 5.4 it was possible to use this feature. Now it's gone. We would really need to have this feature enabled again. I found hundreds of complaints about why it's gone but nothing on why it's gone.

I am currently evaluating the FortiGate clientless solution for Remote Desktop and this is a requirement which each and every native RDP client supports. I thought it's an HTML5 limitation but it's not; Juniper and Sophos are supporting this as expected. YES I KNOW I COULD USE native RDP and only use the VPN client, but think about all the support issues for customers in case of VPN client use..... Thanks, no, I really want the clientless SSL VPN web app RDP solution, it's an awesome great feature.

FortiGate had it before and suddenly removed it. Please let us know why it's gone, if it was a security thing or if you plan to re-enable this feature. In my situation it's a KO for FortiGate because my boss and customers need to have this feature enabled.

The only way out right now is to switch to Juniper, but I really don't want to learn a new technology only because of this removal. I have been using FortiGate through my different companies for at least 15 years..... Please put it back in and disable it by default so nothing should be harmed.

If this feature is in general a real security issue and this might be the reason for removing it, please let us know what's up with that, because it would also raise the security question of Juniper or others as well and why they are still supporting it....

If it's just removed for whatever other reason, please put it back in and give us this feature. I am not the only one who is using and needing this. Same for local drive connections.... It's a feature since RDP exists.... This should be supported in any case.

Please let us know some details about this.

Cheers, Joe
