FortiGate
sgiannogloudis
Article Id 197443
Description

This article explains what to do when Windows authentication drops the RDP connection and describes some technical recommendations that can increase the stability of RDP sessions in FortiOS.


Solution

1) Disable NLA (Network Level Authentication).

NLA makes the client authenticate before the session is established; with it disabled, authentication takes place at the Windows logon screen inside the RDP session.

Go to Start -> Administrative Tools -> Remote Desktop Services -> Remote Desktop Session Host Configuration.

Under Connections, select the name of the connection, and then click Properties.

On the General tab, deselect the 'Allow connections only from computers running Remote Desktop with Network Level Authentication' check box.



2) Change to TLS encryption in the RDP bookmark.

Go to VPN -> SSL-VPN Portals and edit 'Predefined Bookmarks'.

Set Security to TLS encryption.


3) Change RDP Transport to TCP on Windows PCs.

To change the transport protocol:

Go to Start -> Run -> gpedit.msc -> Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections, and select 'Select RDP transport Protocol'. After selecting the check box, go back to the above registry path and change the value to 1.

The possible values are:

0 --> Use both UDP and TCP.
1 --> Use only TCP.
2 --> Use either UDP or TCP.





4) Increase the session TTL RDP timers in FortiOS.

This can be done by configuring the following commands (protocol 6 is TCP, and the timeout is given in seconds):

config system session-ttl
    config port
        edit 1
            set protocol 6
            set timeout 3600
            set start-port 3389
            set end-port 3389
        next
    end
end
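To confirm from a configuration backup that the step 4 override is present and covers only TCP/3389, the port entries can be parsed and queried. This is an added example, not Fortinet code: the function names `parse_session_ttl_ports` and `port_timeout` are hypothetical, and the sample configuration is constructed from the block above.

```python
# Constructed sample: the step 4 block as it appears in a configuration backup.
SAMPLE_CONFIG = """\
config system session-ttl
    config port
        edit 1
            set protocol 6
            set timeout 3600
            set start-port 3389
            set end-port 3389
        next
    end
end
"""

def parse_session_ttl_ports(config_text):
    """Return the 'config port' entries under 'config system session-ttl' as dicts."""
    entries, stack, current = [], [], None
    for raw in config_text.splitlines():
        words = raw.strip().lstrip("#").split()  # tolerate a pasted '# ' CLI prompt
        if not words:
            continue
        if words[0] == "config":
            stack.append(" ".join(words[1:]))
        elif words[0] == "end":
            if current is not None:  # entry closed by 'end' without a 'next'
                entries.append(current)
                current = None
            if stack:
                stack.pop()
        elif stack == ["system session-ttl", "port"]:
            if words[0] == "edit" and len(words) > 1:
                current = {"id": words[1]}
            elif words[0] == "set" and current is not None and len(words) >= 3:
                current[words[1]] = words[2]
            elif words[0] == "next" and current is not None:
                entries.append(current)
                current = None
    return entries

def port_timeout(entries, protocol, port):
    """Timeout of the first override covering protocol/port, or None if none applies."""
    for e in entries:
        try:
            in_range = int(e["start-port"]) <= port <= int(e["end-port"])
            if int(e["protocol"]) == protocol and in_range:
                t = e.get("timeout", "")
                return int(t) if t.isdigit() else t  # non-numeric values stay a string
        except (KeyError, ValueError):
            continue  # incomplete entry: ignore it
    return None

if __name__ == "__main__":
    rules = parse_session_ttl_ports(SAMPLE_CONFIG)
    print("TCP/3389 override:", port_timeout(rules, 6, 3389))
```

A result of `None` for TCP/3389 means no port override applies to that traffic.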

