FortiGate
ppatel
Staff
Article Id 190927

Description
This article describes how to avoid brief RDP disconnections/reconnections when the traffic flows through the FortiGate.

Solution
A common cause of RDP reconnections is the RDP client changing the transport protocol from TCP to UDP.
This is due to a feature in RDP protocol version 8 that allows UDP to be used as a transport in order to accelerate RDP sessions.

The workaround is either to configure the RDP client/server not to change the transport protocol, or to keep the option of changing the transport protocol and accept these short-time disconnections as a side effect.

Reference to the Microsoft documentation:

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpeudp/aea14a52-baa1-4486-bcd8-f305...

The solution from the FortiGate side:

On the firewall policy that allows connections from the client to the RDP server, allow only the RDP service (which permits connections to TCP port 3389), so the client and server will not be able to switch to UDP.
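
A FortiOS CLI sketch of such a policy, followed by a session-table check for UDP 3389. This is an added example, not configuration from the original article; the policy name, the interfaces `port1`/`port2` and the address objects `rdp-clients`/`rdp-server` are assumed placeholders that must be replaced with the names used on the actual device.

```fortios
# Added example. Names below are hypothetical placeholders:
#   port2 = client-side interface, port1 = server-side interface,
#   rdp-clients / rdp-server = existing firewall address objects.
config firewall policy
    edit 0
        set name "RDP-TCP-only"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "rdp-clients"
        set dstaddr "rdp-server"
        set action accept
        set schedule "always"
        # Predefined RDP service = TCP/3389 only. A broader service such as
        # "ALL" would also pass UDP/3389 and let the transport switch happen.
        set service "RDP"
        set comments "RDP over TCP only; UDP 3389 is not permitted"
    next
end

# Check: list sessions for UDP (protocol 17) with destination port 3389.
# With the policy above and no other policy allowing UDP 3389 between
# these hosts, no RDP UDP session should be listed.
diagnose sys session filter clear
diagnose sys session filter proto 17
diagnose sys session filter dport 3389
diagnose sys session list
diagnose sys session filter clear
```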
