XG Firewall - Windows Remote Desktop freezing

Hi,

We have just started using XG (upgraded from UTM 9) and we are having difficulty with Windows Remote Desktop going through the XG Firewall via an IPsec VPN connection. The Remote Desktop connections temporarily disconnect or pause dozens of times a day.  Sometimes they connect back up, sometimes they drop.  I have added a DoS Bypass rule for the subnet and the RDP server on the other side.  It helped a lot but it is still continuing.  Does anyone know why XG would consider RDP connections as a DoS attack and how to fix this?  This issue is happening in 2 different offices in two different countries (so I know it is not the Internet connection, modem or router). If I put our old UTM 9 firewall back in the issue goes away.  Any help would be appreciated.  Thanks.

Jae

Running the latest firmware SFOS 17.1.4 MR-4 on all sites.

  • In reply to LuCar Toni:

    I will add to this that I analyzed traffic on both ends, looked at the clients, servers and switches. Nothing was wrong with anything and all the problems started when we installed XG. Our UTM 9 firewalls were fine. We have one small office that didn't need any changes to the DoS, but larger offices with 20 plus users or more, I think, caused the DoS protection to freak out (for lack of a better word) and drop RDP traffic. I have an office running on the new settings for 3 weeks with no issues now. The problem is XG and it is the DoS feature if you have more than a couple of users using RDP.

  • In reply to Jae Lupo:

    But is this DoS Protection feature not doing its job? If you are hitting X amount of UDP packets per second, it will start to drop.

    If you take a look at the dump of one session, it is crazy how many packets per second are being transmitted.

    The question is, what should be fixed?

    Should there be a DoS Protection with preconfigured bypass rules?

  • In reply to LuCar Toni:

    Just to clarify: I have not enabled any DoS protection at all, and the GUI that shows dropped packages shows 0 in every column. And it is IPsec site-to-site that is the issue for us.

    We have been running the XG since version 15 and have been using every version since. This problem started after we upgraded to v 17.

  • In reply to RickardNordahl:

    We had almost the exact same issue:

    https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/110335/strange-vpn-connection-issue

    We found a workaround to add the registry key to disable UDP over RDP, but still don't know the root cause.  Thought you might find it interesting.