In the last weeks, my network team and I tried to solve a problem at one of my customers regarding SSL VPN problems. The customer keeps connected (green traffic light on) but lost the network connection to his servers several times. Only a manual vpn-reconnect could solve the problem. UTM logs and client-logs couldn’t help us solving this problem. We tested it with local and active directory users but the problem keeps the same. After testing the connection from our office, we keep pinging the servers while our client gets disconnects. We found out, that the problem only appears on his notebooks. Every device runs Kaspersky Anti-Virus. I found an activated protocol with the name „Kaspersky Anti-Virus NDIS Filter”. This filter is a network package interceptor:
We deactivated the filter on every notebook (but only in the TAP-adapter). After several days of testing, no disconnect appears any more. Some other anti-virus vendors are also providing such package interceptors. I hope that my solution also helps you!
/edit: A four month old support ticket has also been solved with deactivating NDIS in the TAP-Adapter of Sophos SSL VPN. This time, the clients are using TrendMicro Office Scan.
3 Responses
Hi michel ;
İ am murat
sophos utm device without s we can make the connection between red.
if we can, how we can proceed. can you give examples
thanks
Hi Murat,
I can’t understand your question. Can you explain it better?
Best regards
Michel
Danke für diesen Hinweis! Ich habe das gleiche Problem somit eingrenzen können. Die Verbindung wird aufgebaut (Ampel grün), aber es findet kein Datentransfer statt.
Deaktivieren der NDIS Filter im Adapter brachte den Erfolg.