In the last weeks, my network team and I tried to solve a problem at one of my customers regarding SSL VPN problems. The customer keeps connected (green traffic light on) but lost the network connection to his servers several times. Only a manual vpn-reconnect could solve the problem. UTM logs and client-logs couldn’t help us solving this problem. We tested it with local and active directory users but the problem keeps the same. After testing the connection from our office, we keep pinging the servers while our client gets disconnects. We found out, that the problem only appears on his notebooks. Every device runs Kaspersky Anti-Virus. I found an activated protocol with the name „Kaspersky Anti-Virus NDIS Filter”. This filter is a network package interceptor:
We deactivated the filter on every notebook (but only in the TAP-adapter). After several days of testing, no disconnect appears any more. Some other anti-virus vendors are also providing such package interceptors. I hope that my solution also helps you!
/edit: A four month old support ticket has also been solved with deactivating NDIS in the TAP-Adapter of Sophos SSL VPN. This time, the clients are using TrendMicro Office Scan.