
RDP connection loss with Sophos Connect

Hello all,

We are using XG Firewall version 18.5 together with Sophos Connect.
We work with terminal servers, the employees connect to the Sophos Connect and then access our RD servers via RDP. Our environment is divided into several farms and servers, a broker assigns this accordingly.
When the employees are connected to the Sophos Connect, regardless of whether with IPSec or SSL, there are always irregular disconnections in the RDP session. The message "reconnecting" is then displayed and an attempt is made to re-establish the RDP connection. After a few seconds the connection is restored. However, these disconnections occur again and again at irregular times.

Do any of you have the same problem or know what could be the reason?

Thanks already and many greetings
Andre



  • 1. This didn't occur while using the "old" open-VPN-Client??

    2. Try to disable port 3389 UDP, so RDP has to stay with TCP 3389 -- may be detected as "UDP-Flood"


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • I have the exact same problem with a customer, but we are using V19 and the new Connect Client 2.2.

    When I connect with the "old" VPN-Client this also occurs, but less frequently.

    We do not have any UDP-Flood set up on our firewall, so there should not be a problem with that, right?

    What can I do to fix this issue?

  • I would still try to see if disabling 3389 UDP brings any improvement.

    Otherwise, you should capture a Wireshark trace and analyze the root cause...


    Dirk


  • Hi all, 

    What was the outcome of this issue? I may be facing a similar issue.

  • Was there ever a reply from Sophos Support to you on this? We are experiencing the same issues with V19 and the new Connect Client, 2.2, and did have this problem using SSL VPN in the past prior to the new Connect Client (we are now IPSEC).

    I have an open ticket with Sophos Support and we are about to do several PuTTY sessions to the firewall and another packet capture (which has already been done and FTP'd once) with no luck. This is becoming a very visible issue in our organization now.

  • Did you try to disable UDP 3389 already?

    ... may help but got no feedback before.


    Dirk


  • You could try to disable Firewall Acceleration and/or ipsec acceleration. Or update to V19.5 GA. 


  • Upgraded firmware current, 19.5, Sophos verified this is not UDP flood, disabled firewall acceleration, provided Wireshark captures during disconnects, and a pcap capture on the firewall side that has been provided to Sophos support.  

    Yesterday, I was asked (by Sophos Support) to:

    1. Disable Firewall acceleration (again)

    2. Run command: set vpn conn-remove-tunnel-up disable

    Because I have IPSEC tunnels up with another hospital for after hours support, I asked for clarification on what the command actually does.  My reply was to try it "after hours" in case there is an impact.

    The ticket is now with our account rep.

    Thx

  • The command you are listing above is disabled by default in newer installations. You can find more information here: https://docs.sophos.com/releasenotes/index.html?productGroupID=nsg&productID=xg&versionID=19.0


  • Disabling 3389 UDP is not because of a flood event.

    You may try it ... or not.


    Dirk


  • Per Sophos Support, the UDP Flood issue is not the cause. We have tried disabling firewall acceleration, as well as the command I stated above (and below):

    set vpn conn-remove-tunnel-up disable

    No luck as of today, still ongoing, so well over 2 months now, no resolution.  I have our Account Exec and another engineer involved at this point.

    I am now being asked to create a test user for Sophos Support (guessing to collect client logs) - we could have done this months ago unfortunately.

    I have provided Wireshark captures with days/times of disconnects, and they have the logs from the firewall, so we shall see.

    Thx

  • Hello Deresk,

    Just to confirm the Case ID you have for this is 05837573?

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support