FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description This article describes how to configure and check the maximum number of SSL VPN users and dial up VPN tunnels allowed per VDOM.
Solution In order to check the maximum number of SSL VPN users and dial up VPN tunnels that a FortiGate can support for VPN, one needs to check the data sheet of that particular unit.
However, to improve performance in certain deployments with usage of VDOMs, there is an option to limit the SSL VPN users and dial up VPN tunnels to a maximum number per VDOM.
Default configuration.
By default, no limit is set on VDOM.
# config global # config system vdom-property edit "test_VDOM" set description "property limits for vdom test_VDOM" set snmp-index 2 next end
SSL VPN users and IPsec dialup limits can be defined as follow:
# config global # config system vdom-property edit "test_VDOM" set sslvpn 200 set dialup-tunnel 300 end end
The values for limitation can be checked using the following command:
# diag sys vdom-property Resource for vdom test_VDOM: Current, Guaranteed, Maximum dialup-tunnel: 3, 0, 300 sslvpn: 1, 0, 200
- The current connected dialup-tunnels are 3 with maximum of 300 allowed. - The current ssl vpn connected users are 1 with maximum of 200 allowed.
