![]() ![]() Specifically, on a policy which limited itself to Parsec IPs/FQDNs: The option described in this article did allow the STUN session to form reliably though. It would only get partway on one of our two SDWAN connections.įorcing Parsec/STUN applications over a single SDWAN with a rule didn't work (and still doesn't, not fully, for us). Looking at packet captures I found that sometimes the STUN session wouldn't get a response during the handshake Parsec's clients and hosts do. Think I've got a possible solution figured out. wonder if anyone's run into a similar issue or has any ideas? Making some custom applications for the sdwan rules (sent over several packet captures)įorcing the outbound STUN traffic out over specified ports instead of random ones to more easily match on the sdwan rulesĭisabling some features like ssl inspection for the parsec traffic Our SDWAN rules (manually directing everything related to parsec over a single WAN) I've talked with TAC about it as well as Parsec's support staff. and I'm pretty sure uPNP wouldn't be working over the Fortigate) From what I understand Parsec initiates a UDP hole punch from inside the host network to establish the session between the outside client and inside host? (thinking this is what's happening since it does eventually work. and then a few minutes later connect without issue. ![]() The external Parsec client will hang and give this error: Hardware is a FG601e running 7.0.6 currently I've run into an issue getting Parsec clients from outside to connect (Parsec is remote desktop software) I've been testing new pair of Fortigate firewalls to replace a jank Meraki firewall (finally) at the office. Sharing dumps violates a reddit global rule and may result in a site-wide ban. Posting brain or answer dumps for Fortinet certifications is prohibited as they are copyrighted material. What you have already tried as part of your troubleshooting process.Version and type of software being impacted (i.e.Some examples of useful information are the following: Next, please provide us as much information about your problem as you possibly can. If you're having a problem with a Fortinet product, first, make sure you submit your request to Fortinet TAC if you have a valid support contract. Here you can ask for help, share tips and tricks, and discuss anything related to Fortinet and Fortinet Products. Fortinet is a global leader and innovator in Network Security.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |