Jimmy
New Member
May 11, 2018
Question

100 logged in admin sessions


We run a Fortigate cluster of 2x 100E with version 5.6.2 but the last few days when I try to log in I need to disconnect a few users first as apparently there are already 100 sessions.

 

According to the session logs the user admin would have been logged in 100 times already from 127.0.0.1 on HTTP, which is rather strange as we don't even have HTTP enabled, let alone that it says logged in from 127.0.0.1.

 

Anyone seen this before? I could reboot them during a maintenance window but would rather find the cause as to why first so it does not happen again.

    2 replies

    emnoc
    New Member
    May 11, 2018

    Yes this is probably normal but I would guess your jsconsole connections are left open. Next time execute a cli-cmd diag sys admin list or get system admin and look for any jsconsole.

     

    cjw
    New Member
    May 12, 2018

    I've seen the same thing too. I can assume you are running the FortiAnalyzer (FAZ)?

     

    In my case, I only saw this happen during the following conditions:

    1. Using multiple VDOMs

    2. The admin profile for the FAZ user (I keep them separate) has read-only permissions

    3. The FAZ is running v6.0

     

    My resolution was to grant the faz user the super_admin profile. Apparently if your FGT is running 6.0 as well, there is a single permission that it needs read/write but that doesn't exist in <=5.6.

     

    I hope this helps... 

    Jimmy (Author)
    New Member
    May 12, 2018

    We're still running 5.6 on both FAZ and FGT but it seems this was a one-time thing for now as we rebooted the master FGT and the issue went away.

    menayoub
    New Member
    February 6, 2019

    Hello;

     

    I had the same issue once.

    The solution was to remove the admin user and password used for the first connection between the FAZ and the FGT.