Created on 03-07-2021 08:17 AM Edited on 02-17-2022 01:40 PM By Anonymous
Description
This article describes how to avoid brief RDP disconnections and reconnections when the traffic is flowing through the FortiGate.
Solution
A common cause of these RDP reconnections is the RDP client changing the transport protocol from TCP to UDP.
This is due to a feature in RDP protocol version 8 that allows UDP to be used as a transport in order to accelerate RDP sessions.
The workaround is either to configure the RDP client/server not to change the transport protocol, or to keep the option of changing the transport protocol and accept these short disconnections as a side effect of the change.
Reference to the Microsoft documentation:
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpeudp/aea14a52-baa1-4486-bcd8-f305...
The solution from the FortiGate side:
In the firewall policy that allows connections from the client to the RDP server, allow the RDP service (which allows connections to TCP port 3389), so that the client and server will not be able to switch to UDP.
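A sketch of such a policy in the FortiOS CLI, followed by a check that no UDP 3389 session exists afterwards. This is an added example, not taken from the original article; the policy ID, policy name, interface names and address objects are assumptions to be replaced with your own, and the commented "before" state with service "ALL" is a constructed illustration of a policy that would still let the session move to UDP.

```fortios
# Before (constructed example): a broad service list also matches
# UDP 3389, so the RDP client can move the session to UDP.
#   config firewall policy
#       edit 10
#           set service "ALL"
#       next
#   end

# After: only the predefined RDP service (TCP/3389) is allowed.
# Policy ID 10, the names and the address objects are assumptions.
config firewall policy
    edit 10
        set name "Clients-to-RDP"
        set srcintf "port2"
        set dstintf "port3"
        set srcaddr "RDP-Clients"
        set dstaddr "RDP-Server"
        set action accept
        set schedule "always"
        set service "RDP"
        set logtraffic all
    next
end

# Check: after a client reconnects, list sessions to port 3389.
# Only TCP sessions (proto 6) should match this policy.
diagnose sys session filter clear
diagnose sys session filter dport 3389
diagnose sys session list

# A UDP-only filter (proto 17) should return no sessions.
diagnose sys session filter clear
diagnose sys session filter proto 17
diagnose sys session filter dport 3389
diagnose sys session list
diagnose sys session filter clear
```

If UDP sessions to port 3389 still appear, another policy earlier in the sequence is matching the traffic and should be narrowed in the same way.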