  1. #1
    Newbie
    Join Date
    Jun 2018
    Posts
    14

    Windows remote desktop connection fails during high load

    I have Untangle installed on a dedicated server (2x Xeon E5-2630L CPUs + 32Gb RAM), which is working as a router for 30 other Windows servers. We have a dedicated 1Gb/s line from the ISP.

    These servers put quite a high load (about 500Mb/s traffic usage), however we don't use any additional Untangle filters (apart from the firewall, which only has a simple rule to allow connections to the servers only from specific IP addresses) and we have the servers' local IP addresses added as bypass rules to avoid high load for Untangle (the dashboard clearly shows that almost all connections are bypassed). Our Untangle dashboard shows low usage of resources (about 3.0-4.0 CPU and 4Gb RAM).

    However, we are experiencing issues when we try to connect to the servers via Remote Desktop Connection (we have Untangle port forward rules for this). It fails very often and sometimes it is even impossible to connect this way to the servers. If we lower the network load to ~300Mb/s, then the situation becomes better; however, this is only an issue with Remote Desktop Connection, not the overall network. On the servers themselves, we are not seeing any network problems (slower speed or ping) when the load is high.

    Maybe somebody has ideas about what could cause problems with Windows remote desktop connection during high network load? From the Untangle dashboard I don't see any issues, as we have plenty of unused hardware resources and the network cards are server grade, not for home use, so they should handle high load fine.

  2. #2
    Untangle Ninja Jim.Alles
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,174


    Good morning. I can't address your question directly.

    I'll start the process by asking for some details - specify the NIC models, and the NGFW server specs. The CPU is important, but not the first thing to look at.

    And a possible misunderstanding in that if traffic is bypassed, it is also bypassed from the Firewall App. Filter rules might be more appropriate.

    And some unsolicited advice on the way I approach 'remote desktop connections' is to not allow them from the WAN for security defense. VPN into the protected LAN to initiate those connections, instead.

    Sorry I am not more helpful!

  3. #3
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,268


    If not done already, try configuring QoS (Networking->Advanced->QoS) and set RDP traffic (port 3389) to a higher priority.

    Also, if the only module you're using is Firewall, unless you need traffic logging you could do the same thing with filter rules, and then bypass all traffic. That will completely eliminate the UVM from the equation. Note also that QoS priority rules only work with bypassed traffic.
