• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1132
  • Last Modified:

RDP problems over Netscreen 5GT

Hello,

In one of our offices we have two completely separate networks (due to business reasons this has to be the case), Network A & Network B.  Between the two networks I have placed a Netscreen 5GT to allow some traffic to pass between the two.  Some users from Network A need to RDP to a server in Network B.

The RDP session kicks off fine and allows the user to connect to the sever, however, after only a few seconds the session disconnects.  Some of these users are on XP, others are on thin client Winterms.  

I can run a constant ping from A to B without any drops.  Going in the opposite direction, ping is also constant and Citrix works flawlessly.  Unfortunately there are no Citrix farms on Network B so it has to be RDP into the terminal sever.  

Users on Network B can RDP into the server without any problems.  So it appears to me that the problem lies in the Netscreen, but I open to all suggestions.  

I did wonder if it could be a problem with MTU size.  I tried reducing it to 1300 on the Netscreen but it made no difference.   I have seen in some places that the MTU needs to be set on the client machine, but as some of the users are on Winterm thin clients, I don't think this can be configured.  But I fully admit I know very little about MTU so I am open to any suggestions.

Kind regards
0
laytonblackham
Asked:
laytonblackham
1 Solution
 
MrMintanetCommented:
Connect the TS to a switch.  Connect the switch to the DMZ port of each separate network.

Then setup policies to only allow port 3389 through.
0
 
laytonblackhamAuthor Commented:
MrMintanent - thank you for your response.
The policy on the netscreen is already allowing 3389 though, so will this make a difference to the problems I'm getting with the session disconnecting?

Thanks
0
 
MrMintanetCommented:
Have you tried to lower the connection speed to 16 bit color, etc?
0
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

 
laytonblackhamAuthor Commented:
No, I haven't actually - I'll try that this afternoon.  

Thanks
0
 
laytonblackhamAuthor Commented:
Hi, back after the bank holiday weekend.

Even with 256 colours and reduced display resolution I get the same issues.  

Thanks
0
 
laytonblackhamAuthor Commented:
Raising the points to 500 in the hope that someone can help me.  Thanks!
0
 
sfrancyCommented:
I have seen this problem occur with an asymmetric routing situation.  This is where the routed path from network A -> B is not the same as B ->A.  If you have this situation, you can fix the routing problem or you can try issuing this command:  unset flow tcp-syn-check.

0
 
laytonblackhamAuthor Commented:
Sfrancy, thank you very much for the response.
I've not had chance to try this today but will do on Monday.

Thanks
0
 
trojan81Commented:
Did "unset flow tcp-syn-check" resolve the issue?
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now