ssl vpn create multiple IPs on clients, why

Hello fortiGuru,

                     Thanks for reaching Fortinet Forum. Please make sure "Limit users to One SSL-VPN connection at a time" is enabled on the respective portal. If yes please provide the following information

- What is the firmware version of the firewall and the forticlient in question?

- Under the SSL-VPN monitor do you see this issue for all the users who connect?

- Also please collect the output for the following commands

#diagnose vpn ssl statistics all

#get vpn ssl monitor

Hi FortiGuru,
"Limit users to One SSL-VPN connection at a time" ... this is one of the solutions.
Find out if user logins in using multiple devices.
Each Forticlinet should have 1 x IP address on the adapter.

Himanshu Mogal

Thanks for replies. That option in portal is enabled.

Users use only 1 device per forticlient.
Firewall is:

Did you manage to get this resolved?

Hello,

You may try using below command:
# config system global
    set policy-auth-concurrent 1
end

Refer: https://community.fortinet.com/t5/FortiGate/Technical-Tip-policy-auth-concurrent-system-global-command/ta-p/192071?externalID=FD33675

Since you are on FortiOS 6.4.4, you can also try upgrade to FortiOS 6.4.6 to see if it hit this known bug.

I had that same new problem intermitent with a few of my customers running 6.0.14 or 5.6.11. The Fortigate seem to keep in memory the IP address of the previous connections from that same user, doesnt clear his cache.