Hello Everyone,We are planning to deploy a FortiGate 60F firewall with a 1-year Unified Threat Protection (UTP/UDP) license in our environment.Currently, we are already using the device for basic WAF-related tasks, and now we want to enable remote VPN access for our users.Our requirement is:Around 15–20 users need to connect remotely at the same time (concurrently) Users will access internal office/premises resources remotely We are considering SSL-VPN or IPsec Remote Access VPNHowever, before deployment, we want to clearly confirm the licensing situation to avoid surprises later.We have seen some firewall vendors/products where:Only 5 VPN users are allowed by default Additional concurrent VPN user licenses must be purchased separatelySo we would like confirmation specifically for FortiGate 60F:How many SSL-VPN users can connect concurrently on FortiGate 60F? Does the 1-year UTP/UDP subscription include remote VPN capability? Do we need any additional VPN user license for 15–20 concurrent remote users? Is FortiClient VPN-only version sufficient, or is EMS licensing required? Are there any hidden limitations or best practices we should know before deployment? If MFA is enabled, do we need additional FortiToken licenses for all users?We would appreciate clarification from anyone who has already deployed FortiGate 60F in a similar production environment.Thank you.

New Member

Question

FortiGate 60F – SSL VPN Concurrent User & Licensing Clarification Needed

Forum|Forum|26 days ago
May 14, 2026
3 replies
95 views

Hello Everyone,

We are planning to deploy a FortiGate 60F firewall with a 1-year Unified Threat Protection (UTP/UDP) license in our environment.

Currently, we are already using the device for basic WAF-related tasks, and now we want to enable remote VPN access for our users.

Our requirement is:

Around 15–20 users need to connect remotely at the same time (concurrently)
Users will access internal office/premises resources remotely
We are considering SSL-VPN or IPsec Remote Access VPN

However, before deployment, we want to clearly confirm the licensing situation to avoid surprises later.

We have seen some firewall vendors/products where:

Only 5 VPN users are allowed by default
Additional concurrent VPN user licenses must be purchased separately

So we would like confirmation specifically for FortiGate 60F:

How many SSL-VPN users can connect concurrently on FortiGate 60F?
Does the 1-year UTP/UDP subscription include remote VPN capability?
Do we need any additional VPN user license for 15–20 concurrent remote users?
Is FortiClient VPN-only version sufficient, or is EMS licensing required?
Are there any hidden limitations or best practices we should know before deployment?
If MFA is enabled, do we need additional FortiToken licenses for all users?

We would appreciate clarification from anyone who has already deployed FortiGate 60F in a similar production environment.

Thank you.

funkylicious

SuperUser

Hello,

1) you can see the max value in the FortiGate-60F datasheet, 200 users

2) VPN does not require a separate license

3) no

4) yes, FortiClient-VPN Only is enough for basic VPN (SSL or IPsec) remote access connectivity

5) not hidden, but you would need to know beforehand what and how you need to configure to research what can be done or not with the free version of FortiClient - info should be available in the release notes of FortiClient or a tech tip on the forum

6) depends on the MFA solution you would like to use/implement

if you would not go beyond FortiOS 7.6.3 which removes SSL VPN tunnel, i would recommend using it instead of IPsec

https://docs.fortinet.com/document/fortigate/7.6.6/fortios-release-notes/173430/ssl-vpn-tunnel-mode-replaced-with-ipsec-vpn

Also, starting with FortiOS 7.4.4 proxy-related features are removed on FortiGate models with 2GB of RAM , which also includes 60F so if you upgrade to that version or beyond you would be able to use WAF on it

https://docs.fortinet.com/document/fortigate/7.4.4/fortios-release-notes/768039

"jack of all trades, master of none"

Yurisk

SuperUser

Hi,

The recommended maximum per 60F data sheet is up to 200 SSL VPN Tunnel mode connections. Of course it is not advisable to test this maximum, but anyway 15-30 concurrent users will be fine in full tunnel mode.
UTP bundle does NOT include any remote VPN features.
This can be answered in a ‘here and now’ kind of way, currently, you may use VPN-only free client for free to do SSL VPN/IPsec VPN with no limit on number of users. Starting with 7.6 FortiOS does NOT have SSL VPN tunnel capability - removed, regardless of model. IPSec VPN is still free and unlimited in user number as long as we have free VPN-only client available and supported by Fortinet. Fortinet extended End of SUpport for 7.4, the last version having SSL VPN, up to 2027-05-11, and security patches up to 2028-11-11. So if you plan to replace 60F by those dates, you can have SSL VPN. VPN-only free client though, may be discontinued, and all indicators it will be, any minute, in such case you do have to buy VPN license per user. Recently Fortinet added new product VPN Standalone client, paid, but you don’t need to manage it with EMS server, and payment is one-tome, not subscription like EMS.
See above, so far - it is sufficient, but it may change any time soon.
Not sure what this could be.
FortiTokens are separate product/SKU, so to have them you do have to pay. BTW You can do MFA with 3rd party providers as well.

Unrelated: this font is plain ugly, where are our beloved sans-serifs :) ?

rmreddy

Staff

If MFA is enabled, do we need additional FortiToken licenses for all users? - If you are planning to use FortiToken for MFA, by default two free mobile tokens are included in the device. If FortiToken is needed for more than 2 users, then you need to purchase FortiToken license.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded