FortiGate
sagha
Staff
Article Id 195948

Description

 

This article explains the output of 'diagnose vpn ssl statistics', which is often used to check the maximum number of users that connect to SSL VPN.

 

Scope

 

FortiGate.


Solution

 

To find the maximum number of users that a FortiGate can support for SSL VPN, check the datasheet of that particular unit.
For example, for the FortiGate-500E: https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_500E.pdf

Concurrent SSL-VPN Users  -  10,000
(Recommended Maximum, Tunnel Mode)

As this datasheet shows, the maximum number of concurrent SSL VPN users supported by the FortiGate-500E is 10,000 when used in tunnel mode.
The maximum number also depends on the memory usage on the FortiGate.

The output of the command 'diagnose vpn ssl statistics' can be broken down as follows:

 

diag vpn ssl statistics

SSLVPN statistics (root):
------------------
Memory unit:               1
System total memory:       1954324480
System free memory:        618819584
SSLVPN memory margin:      195432448
SSLVPN state:              normal

 

The values below indicate the highest number of simultaneous connections since the FortiGate was last restarted.

They are not a maximum value or limit.

Max number of users:       7
Max number of tunnels:     7
Max number of connections: 24

 

These values show the current connections (SSL VPN or users) that were up when the command was executed:

 

Current number of users:       1
Current number of tunnels:     1
Current number of connections: 1
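
For capacity monitoring, the output above can be parsed and the observed peak compared with the datasheet figure. The following is an added example, not part of the original article or Fortinet tooling; the function names are hypothetical, and treating the name in parentheses on the header line as the VDOM is an assumption.

```python
import re

# Constructed sample: the output shown in this article, joined into one capture.
SAMPLE = """\
SSLVPN statistics (root):
------------------
Memory unit:               1
System total memory:       1954324480
System free memory:        618819584
SSLVPN memory margin:      195432448
SSLVPN state:              normal

Max number of users:       7
Max number of tunnels:     7
Max number of connections: 24

Current number of users:       1
Current number of tunnels:     1
Current number of connections: 1
"""

def parse_sslvpn_stats(text):
    """Return {vdom: {field: value}}; numeric values become int."""
    stats, vdom = {}, None
    for line in text.splitlines():
        header = re.match(r"SSLVPN statistics \((.+)\):", line.strip())
        if header:
            vdom = header.group(1)  # assumed to be the VDOM name
            stats[vdom] = {}
            continue
        field = re.match(r"\s*([^:]+):\s+(\S+)\s*$", line)
        if field and vdom is not None:
            key, value = field.group(1).strip(), field.group(2)
            stats[vdom][key] = int(value) if value.isdigit() else value
    return stats

def capacity_report(vdom_stats, datasheet_users):
    """Compare observed peak/current users with the datasheet figure."""
    peak = vdom_stats["Max number of users"]
    current = vdom_stats["Current number of users"]
    free_pct = 100 * vdom_stats["System free memory"] / vdom_stats["System total memory"]
    return {
        "peak_users": peak,  # high-water mark since restart, not a limit
        "current_users": current,
        "peak_pct_of_datasheet": 100 * peak / datasheet_users,
        "free_memory_pct": round(free_pct, 1),
        "state": vdom_stats["SSLVPN state"],
    }
```

Calling capacity_report(parse_sslvpn_stats(SAMPLE)["root"], 10000) uses the FortiGate-500E datasheet value quoted above; substitute the figure from the datasheet of the unit being checked.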