RDP disconnects: 2 UTMs used, works fine with Netgear router

We took on a new client and replaced their Netgear router with an SG105w. The client office is in another region so it is all remote. The long-term goal was SSLVPN synced with AD, then allowing the users to use RDP once authenticated. The problem is that since the UTM has been in place, the RDP connections frequently disconnect, then reconnect. Windows event logs are clean. We've spoken to the ISP (Charter) a few times but it has not been escalated within their ranks. They'll bounce the modem for us but won't do much more. They point the issue downstream at our router. As yet, we have not used any packet sniffing tools on their network. We have used PingPlotter (clean hops out). Sophos support has gone so far as to send us a new UTM and we have rebuilt the configuration. Sophos support was not able to discern much at all from their analysis of the problem (hence the new device ship). All services, such as web filtering, IPS, and advanced threat protection, are OFF. The DNAT rule is straightforward: traffic from ANY using service Microsoft Terminal Services (RDP) going to External WAN (Network), change the destination to "server" (internal network object). The automatic firewall rule has been created. Firmware version is 9.408-4. RDP works for a bit, then will disconnect.

When we switch back to the Netgear, order is restored. No RDP disconnects occur.

Has anyone run into anything similar to this? I feel like it could be ISP related, but what, if anything, could they do?



  • Thanks for the speedy reply. No coordination. It's random. Although it's been stable for me tonight... outside of business hours.

  • Interesting.

    Could it be a load issue? I.e. if using VoIP when you have lots of calls, or someone is watching Netflix/YouTube?

    Do you have any QoS or priority on the RDP traffic?

    Regards,
    Bohdan

  • There are at most 5 users connected. No VoIP used. No RDP priority set for QoS. That is still in its default settings.

  • Since I've not set any QoS for RDP at all in this UTM, it's worth a try. Here is what I have done based on the use case.

    - This server is ONLY accessed from external RDP connections.

    - No more than 8 users are remotely connected to it at one time.

    - Internet link is 65m/bits down and 4m/bits up.

     

    QoS settings

    Status Tab-> Turned on External (WAN) and set the Mbit/sec for down at '65' and Mbit/sec up at 4. Limit uplink, Limit Downlink, and Upload optimizer are ALL checked.

    Traffic Selector-> New (RDP), selector type = application selector, Source 'Any', Destination 'Any'; Control these applications 'RDP'.

    Bandwidth Pool-> New 'RDP', bound to interface 'External (WAN)' bandwidth 3000; specify upper level bandwidth limit is UNCHECKED, RDP selected as the Traffic Selector.

    Download throttling-> New 'RDP', bound to External WAN, Limit kbits/sec at 10000, Limit is 'Shared', Traffic Selector is set to RDP.

     

    I also set the app in application control: RDP accept and log for applications 'RDP' for source networks 'Any'.

     

    There were some good points here: http://www.360ict.nl/blog/sophos-utm-qos/ and Part II here: http://www.360ict.nl/blog/sophos-utm-qos-part-ii/

    Today will be a good test.

     

     

  • OK, it is still happening, but I may have caught it in the act. In looking at the logs, it appears that it works when NAT rule #1 (the DNAT rule) is applied, as a source IP with TCP port 4418 (?). But it drops when the Default Drop rule is applied. The source IP is the same, but it uses UDP 60692-60693 when it fails. Also, the difference between the two seems to be that the NAT rule shows the correct LAN IP while the Default Drop rule shows the WAN IP.

     

    Is there a misconfiguration and/or do I need to enter additional UDP and TCP ports?
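
One way to check the pattern described in the last post across a whole log, as an added example that is not part of the original thread: for every source IP that has at least one NAT-accepted flow, list the protocol, destination IP and destination port of its flows that hit the drop rule. The `key="value"` line layout, the field names and every value in the sample lines are assumptions constructed for illustration; adjust them to the actual firewall log.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation/private IPs, made-up ports).
# The key="value" layout and the field names are assumptions, not the
# poster's log data; 192.168.1.10 stands in for the LAN server and
# 198.51.100.2 for the WAN address.
SAMPLE_LOG = '''\
09:14:07 fw: action="DNAT" srcip="203.0.113.50" dstip="192.168.1.10" proto="6" srcport="4418" dstport="3389"
09:14:09 fw: action="drop" srcip="203.0.113.50" dstip="198.51.100.2" proto="17" srcport="60692" dstport="3389"
09:14:09 fw: action="drop" srcip="203.0.113.50" dstip="198.51.100.2" proto="17" srcport="60693" dstport="3389"
09:15:30 fw: action="drop" srcip="203.0.113.99" dstip="198.51.100.2" proto="6" srcport="51000" dstport="23"
'''

FIELD = re.compile(r'(\w+)="([^"]*)"')
PROTO = {"6": "TCP", "17": "UDP"}  # IP protocol numbers


def parse(line):
    """Turn one log line into a dict of its key="value" fields."""
    return dict(FIELD.findall(line))


def dropped_flows_of_active_clients(log_text):
    """Map each source IP that also has accepted flows to its dropped
    (protocol, destination IP, destination port) tuples."""
    allowed = set()
    drops = defaultdict(set)
    for line in log_text.splitlines():
        f = parse(line)
        if "srcip" not in f or "action" not in f:
            continue  # not a packet-filter line
        if f["action"].lower() == "drop":
            proto = f.get("proto", "?")
            drops[f["srcip"]].add((PROTO.get(proto, proto),
                                   f.get("dstip", "?"),
                                   f.get("dstport", "?")))
        else:
            allowed.add(f["srcip"])
    # Sources that were only ever dropped (e.g. scanners) are left out.
    return {ip: sorted(flows) for ip, flows in drops.items() if ip in allowed}


if __name__ == "__main__":
    for ip, flows in dropped_flows_of_active_clients(SAMPLE_LOG).items():
        for proto, dstip, dstport in flows:
            print(f"{ip}: dropped {proto} to {dstip}:{dstport}")
```

Each reported tuple is traffic from a client with a working session that no NAT or firewall rule matched, which is the comparison the post makes by hand between the DNAT entries and the Default Drop entries.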
