Poor RDP performance with NetExtender SSL/VPN starting with firmware 7.0.1 5080
we recently upgraded an NSA 2650 to an NSA 2700 running on 7.0.1 5080
First day in production users (connecting with NetExtender over SSL VPN) complained about reduced performance of the RDP connection, comparing to the NSA 2650.
The RDP connection is no more using UDP. Packet capture shows that the rdp client tries an UDP connection, and these packets are dropped. "DROPPED, Drop Code 726(Packet dropped - Enied by SSLVPN per user control policy) Module Id 27(policy)
There is no firewall rule in place, vpn access is allowed for the destination ip (we and support also tried with whole subnet).
We were able to reproduce the problem with an TZ 670. It was on 7.0.1 5065, rdp worked fine with udp. We did an upgrade to 7.0.1 5080 and now udp stopped working, same drop code.
Sonicwall told us they were able to reproduce this in the lab, ant they gave it to the Engineering team.
Today I received the answer from Engineering "RDP using UDP is not supported on SSLVPN and this is by design. We have an enhancement request (RFE 4675) raised with engineering to include the support for "RDP over UDP" on SSLVPN sessions. as a workaround, you need to force RDP over TCP"
No explanation, why this was working with the NSA 2650 or the TZ 670 with 7.0.1 5065 just "is not supported"... I can't believe that.
If there is anybody out there, who also uses Netextender SSL VPN and rdp sessions. Please check UDP (click on the connection state/quality button in the rdp client in fullscreenmode). For optimal performance it should look like this:
As stated above, after the upgrade to 7.0.1 5080 and in the other case after importing the configuration in the NSA 2700 with 7.0.1 5080 it looks like this