RDP freezes for 5-10 seconds

So we have a pretty new XGS 2300, and we have some cases where we connect to our customers' servers over an IPsec Site-to-Site tunnel with RDP.

The tunnel is stable, but sometimes the remote desktop session freezes for a short time.

I looked into the firewall logs and saw that the server which I connected to tried to reply with src port 3389 to a random high port UDP. Is this normal because UDP sends packages without acknowledgement, or could this be the root of the problem?

I also looked into the thread where I should disable the ipsec-acceleration but haven't tried this yet.



  • Hello,

    Thank you for reaching out to the community. Currently, the XGS 2300 is active on which firmware?
    As in Version 19.5 GA Build 197, the following issues were fixed:


    By default IPsec acceleration is disabled on all appliances except XGS. 

    XG135w_XN03_SFOS 19.0.0 GA-Build317#

    console> system ipsec-acceleration show
    IPsec acceleration isn't available on XG Series hardware, virtual, software, and cloud devices.

    console> system ipsec-acceleration enable
    IPsec acceleration isn't available on XG Series hardware, virtual, software, and cloud devices.

    Additionally, you may refer to "Sophos Firewall: MSS Clamping and IPsec Acceleration" and "Sophos Firewall: Connection fails for remote access IPsec clients when IPsec acceleration is turned on".

    Thanks & Regards,
    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience


  • So we are using:

    Sophos Firmware Version: SFOS 19.5.3 MR-3-Build652                              
    Model: XGS2300                                                                  
    Hostname: Firewall1                                                          
    HA node name: Firewall1                                                      
    Current status: Primary (Active) from 10:34:09 PM, Dec 20, 2023                 
                                                                              
    console> system ipsec-acceleration show                                         
    IPsec acceleration status: turned on   

    The links you posted are mentioning TCP, but all remote desktop traffic is UDP.
