Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Firewall - Windows Remote Desktop freezing

 

Hi,

We have just started using XG (upgraded from UTM 9) and we are having difficulty with Windows Remote Desktop going through the XG Firewall via an IPsec VPN connection. The Remote Desktop connections temporarily disconnect or pause dozens of times a day.  Sometimes they connect back up, sometimes they drop.  I have added a DoS Bypass rule for the subnet and the RDP server on the other side.  It helped a lot but it is still continuing.  Does anyone know why XG would consider RDP connections as a DoS attack and how to fix this?  This issue is happening in 2 different offices in two different countries (so I know it is not the Internet connection, modem or router). If I put our old UTM 9 firewall back in the issue goes away.  Any help would be appreciated.  Thanks.

Jae

Running the latest firmware SFOS 17.1.4 MR-4 on all sites.

 

 



This thread was automatically locked due to age.
Parents
  • Watch the IPS/IDS logs for a signature for an RDP exploit. I have had similar things happen with RDP and had to allow a bypass for this signature ID. The disconnects/hangs stopped.

  • It turns out the issue was DoS blocking RDP traffic through the VPN.  I had to add a DoS Bypass Rules for the RDP server (Internal IP) and the destination subnet for both TCP and UDP for port 3389.  I am surprised that the firewall was this strict on VPN traffic for a common protocol but I guess everything is considered a threat unless you tell it that it is not.  I hope this helps anyone that has a similar issue.  Thank you everyone for the help.

  • Hello Jae and thank you for your finding. 

     

    We have been having the same issues for a long time and your solution worked for us as well. I think Sophos Really should look in to this and until they have a solution, write a KB with your findings.

     

    Best Regards

    Rickard Nordahl

Reply
  • Hello Jae and thank you for your finding. 

     

    We have been having the same issues for a long time and your solution worked for us as well. I think Sophos Really should look in to this and until they have a solution, write a KB with your findings.

     

    Best Regards

    Rickard Nordahl

Children