Skip to main content
HS08
HS08
Visitor III
May 7, 2026
Solved

VPN IP Lease time

  • May 7, 2026
  • 2 replies
  • 73 views

Can we set lease time for SSL VPN IP range? I don’t want same user use different IP if the user disconnect for short period.

Best answer by HS08

yes we can use radius but we not use that.

2 replies

Toshi_Esumi
SuperUser
Toshi_Esumi
SuperUser
May 7, 2026

It’s not DHCP for the IPsec’s mode config IP assignment. So there is no concept of “lease time”. And once a client disconnects, the IP would be returned to the pool for other new users. However, if you’re using RADIUS server for the user authentication, you should be able to use “Framed-IP-Address” attribute to specify a particular IP for each user. But to do that, you need to have enough IPs for all possible users and pre-assign them to all at the server.

Toshi

    HS08
    HS08AuthorAnswer
    Visitor III
    May 7, 2026

    yes we can use radius but we not use that.

    sjoshi
    Staff
    sjoshi
    Staff
    May 7, 2026

    FortiGate does not provide a configurable lease time specifically for SSL VPN IP ranges — SSL VPN IP pools are managed directly by the FortiGate process, not by a DHCP lease mechanism. When a user disconnects, the assigned IP is immediately released back to the pool and may be reassigned to another user.

    You can Assign fixed IPs by user or group:
    Map a unique IP or IP pool to specific users or user groups in SSL VPN portals.
    Use RADIUS attributes (e.g., via FortiAuthenticator) to push a static Framed-IP-Address per user

    Thanks, Salon
      Terms & ConditionsAccessibility statement