Skip to main content
Jan_1966
Jan_1966
New Member
March 20, 2020
Question

FortiClient Licensing / Concurrent sessions

  • March 20, 2020
  • 1 reply
  • 13607 views

Hi,

 

I hope someone can help me as I am still struggling with Fortinet Licensing structure.

We have a fortigate 301e running 6.0.4.We tested with the free 10 FortiClient that the Firewall comes with and all seemed fine.

 

Now we purchased a 50 License pack FortiClient EMS and installed an EMS server where the clients register to.

We have currently 37 of our 50 FortiClients deployed most on version 6.2.6 and some still on 6.0.9. They are all registerd to the EMS server.

 

However when it comes to Remote Access we still seem to have the limit of 10 concurrent IPsec dial up tunnels. What do I need to do to be able to allow more than 10 concurrent IPsec Dial up tunnels?

After the 10 sessions any new session doesn't seem to connect or even sometimes kicks out another session.

 

With the current COVID 19 issues we really need to increase our number of concurrent Remote Access VPN sessions.

 

Many thanks.  

    1 reply

    Markus
    Markus
    New Member
    March 20, 2020

    Hi Jan For the VPN Part, you don't need FC Licenses on the FG. As far as I know, the License is only necessary if you like to do Telemetry. https://forum.fortinet.com/tm.aspx?m=110974

     

    https://www.forticlient.com/

     

    Good luck

    Best

     

    ShawnZA
    ShawnZA
    New Member
    March 20, 2020

    Did someone not set a limit perhaps? If you go to Global Resources, then look under VPN, perhaps a limit set on the last one "Dial-up Tunnels"?

     

     

     

    TecnetRuss
    TecnetRuss
    Visitor III
    March 22, 2020

    When you created your IPSec Remote Access VPN did you give it a name that was 13 characters long?

     

    In the VPN Creation Wizard (Remote Access), as you type in the name you'll see the following warnings based on the length of the name you give it:

    [ul]
  • 9 characters or less = no warning
  • 10 characters = "10000 concurrent user(s) will be supported"
  • 11 characters = "1000 concurrent user(s) will be supported"
  • 12 characters = "100 concurrent user(s) will be supported"
  • 13 characters = "10 concurrent user(s) will be supported"
  • 14+ characters = "Please enter at most 13 characters"[/ul]

    This has to do with the way each IPSec VPN session is named (see Markus's link).

     

    Russ

    NSE7

    • Terms & ConditionsAccessibility statement