Description
This article explains why the number of FSSO sessions may appear to be more than the allowed users by license when looking at GUI -> Monitor -> SSO -> SSO Sessions.
Scope
FortiAuthenticator
Solution
This is expected since the FortiAuthenticator creates a new SSO session received from multiple NIC cards of the same host with the same user, but the license will be counted as 1.
For example:
This is illustrated in the following screenshots.
FortiAuthenticator will create 3 sessions for the same user with different IP addresses, but the license will be counted as only 1 user.
For example:
| Workstation name | Username | IP Address |
| OXYGEN-KVM24 | FACUSER | 169.254.227.76 |
| OXYGEN-KVM24 | FACUSER | 169.254.119.110 |
| OXYGEN-KVM24 | FACUSER | 10.5.23.153 |
This is illustrated in the following screenshots.
Since it is common for a workstation to have more NIC cards + IP associated with the same host and DNS would resolve host1.localdomain.local -> both IP addresses registered for this machine in DNS.
FortiAuthenticator will create 3 sessions for the same user with different IP addresses, but the license will be counted as only 1 user.
