Skip to main content
Plima
Plima
New Member
July 23, 2018
Question

Allow only one loggin for same username on SSL VPN

  • July 23, 2018
  • 3 replies
  • 22271 views

Hi Everyone,

 

I have a user group where I only want to allow one session by user. In other words, if the user ABC is logged on the VPN Client and other user log in with the same user (ABC) the result will be denied. I want this for all users in the firewall group.

 

Is that possible?

 

thanks

3 replies

Toshi_Esumi
SuperUser
Toshi_Esumi
SuperUser
July 23, 2018

This seems to be the same conversation.

https://forum.fortinet.com/tm.aspx?m=159319&tree=true

 

emnoc
emnoc
New Member
July 23, 2018

You can set that in the ssl setting to the number of concurrent  vpn users. IIRC it works like this, 

 

1: User TEST logins 

 

2: now user TEST attempts to login in , the firewall warns this to this new request with the action to disconnect the 1st user TEST session

 

https://forum.fortinet.com/tm.aspx?m=159319

 

Ken

Plima
PlimaAuthor
New Member
July 24, 2018

toshiesumi wrote:

This seems to be the same conversation.

https://forum.fortinet.com/tm.aspx?m=159319&tree=true

 

emnoc wrote:

You can set that in the ssl setting to the number of concurrent  vpn users. IIRC it works like this, 

 

1: User TEST logins 

 

2: now user TEST attempts to login in , the firewall warns this to this new request with the action to disconnect the 1st user TEST session

 

https://forum.fortinet.com/tm.aspx?m=159319

 

Ken

Hi both,

 

I've tried that, but not successful

 

thanks

Ashik_Sheik
Ashik_Sheik
New Member
September 12, 2018

Hi ,

 

Any solutions to this problem .I am facing similar issue .

 

The Below command configured for LDAP group as well as Local group .Don't work .Appreciate for expert advice .

 

# config user group # edit "fortilab_exchange" # set auth-concurrent-override enable # set auth-concurrent-value (1-100) # end

 

Regds,

 

Ashik

Prab
Prab
New Member
September 12, 2018

Plima wrote:

Hi Everyone,

 

I have a user group where I only want to allow one session by user. In other words, if the user ABC is logged on the VPN Client and other user log in with the same user (ABC) the result will be denied. I want this for all users in the firewall group.

 

Is that possible?

 

thanks

 Yes, under the SSL-VPN Portal select your portal and enable the "Limit Users to One SSL-VPN Connection at a Time" option. You could use the CLI command too:

FGT# config vpn ssl web portal FGT (portal) # edit web-access  <-- Portal name FGT (web-access) # set limit-user-logins enable

 

Hope it helps!

Prab

 

Ashik_Sheik
Ashik_Sheik
New Member
September 13, 2018

Hi,

 

I need this configuration for Tunnel access not web .

 

Any idea.

 

Regds,

 

Ashik

Eder_Lima1
Eder_Lima1
New Member
September 13, 2018

This configuration can also be used for tunel mode.

 

FGT01 (full-access) # show config vpn ssl web portal     edit "full-access"         set tunnel-mode enable         set web-mode enable         set limit-user-logins enable         set ip-pools "SSLVPN_TUNNEL_ADDR1"         set split-tunneling-routing-address "DMZ" "LAN"         config bookmark-group             edit "gui-bookmarks"             next         end         set theme green     next end FGT01 (full-access) # [style="background-color: #ffff00;"]set limit-user-logins[/style] [style="background-color: #ffff00;"]enable[/style]     Enable setting. disable    Disable setting.

 

limit-user-logins                     Enable to limit each user to one SSL-VPN session at a time.

Terms & ConditionsAccessibility statement