Created on 04-20-2020 10:07 AM Edited on 01-10-2022 09:39 AM By Anonymous
This article describes how to limit users to one active SSL VPN connection at a time.
FortiOS 6.2.6 and above.
From the FortiGate GUI: go to VPN > SSL VPN Portals, edit the SSL-VPN portal, and enable "Limit Users to One SSL-VPN Connection at a Time".
From the CLI:
# config vpn ssl web portal
edit <portal name>
set limit-user-logins enable
end
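A user who already has an open SSL VPN connection and tries to connect again sees the following prompt:
You already have an open SSL VPN connection. Opening multiple connections are not permitted.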
Do you want to proceed and disconnect your other connection?
Select "[Yes]" and the existing session will be terminated.
Note that if this feature is enabled but the FortiGate is still exhausting the IP address pool, this can be due to an existing defect, "663532" (it is fixed in FortiOS 6.2.6).
If the FortiGate is hitting this defect, some session indexes may be lost, so the index numbers are not continuous:
# get vpn ssl monitor
Compare the sessions: when the defect is hit, the command line shows only 1 session while the GUI shows a number of sessions:
# diagnose vpn ssl list
If it is hitting the defect, please consider the following actions:
To list all SSL VPN sessions and their index numbers:
# execute vpn sslvpn list
To disconnect a tunnel mode user:
# execute vpn sslvpn del-tunnel <index>
To disconnect a web mode user:
# execute vpn sslvpn del-web <index>