Remote IPsec vpn best practices

Forum|Forum|3 months ago
February 24, 2026
1 reply
246 views

Hi there,

I have configured Remote access Ipsec vpn with forticlient (IPsec Wizard) and I want to implement following best practice.

1. Client must get static IP address (not clients get the IP address from DHCP Pool)

Or

Can I bind static IP address to Users statically .

2. If Client is not performing any activity within 5 min or 10 min or more, Connection automatically should be disconnected. ( When Client is idle condition)

3. At a time only one user can login the VPN with his/her username.

for example - test user only can login from one machine, not multiple machine.

4. Can I bind static mac address of the Client machine with user name or IP address.

5. MFA - I have checked it is working fine for me.

6. Can I create two/more separate group and assign different subnet.

Thank you for support.

FortiGate

xshkurti

Staff

@Umesh
To accomplish all this, you need a RADIUS solution, and FortiAuthenticator can offer all of them.
Users will be remote users from radius server, and have all those radius attributes and accounting.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded