Technical Tip: Unable to De-Authenticate VPN users from FortiSASE
| Description | This article describes the issue when attempting to de-authenticate a VPN user in FortiSASE, the 'Deauthenticate' button appears grayed out and cannot be selected.
|
| Scope | FortiSASE v25.1.71. |
| Solution | The 'Deauthenticate' option is specifically designed for terminating SWG (Secure Web Gateway) user sessions. It becomes available only when an administrator selects a session associated with an SWG user.
When selecting a VPN user session, the button remains grayed out by design.
FortiSASE does not allow administrators to manually de-authenticate VPN users. This is due to FortiSASE’s 'always-on' architecture, where the SIA (Secure Internet Access) agent continuously attempts to re-establish the VPN tunnel in the event of any network interruption. This design ensures session stability and resiliency. |
