Fortigate 200D gives multiple external IP addresses to one client

Bigwil5712 · ‎03-25-2022

After upgrading my Fortigate 200D to firmware version 6.0.14 build 0457(GA) the device started handing out multiple IP addresses to one client using SSL Vpn. Users have been given up to 10+ ip addresses at times. Users should only be given 1 IP address. I reported this to Fortinet Support but they couldn't provide an answer. Anyone has any ideas on this?

lol · ‎04-13-2023

Hello,

Even though this post is already a year old ...

You might be matching a known issue 745499 resolved in FortiOS 6.0.15.

Refer to the release notes

https://docs.fortinet.com/document/fortigate/6.0.15/fortios-release-notes/565064/resolved-issues

Bug ID	Description
745499	In cases where a user is establishing two tunnel connections, there is a chance that the second session knocks out the first session before it is updated, which causes a session leak.

This can lead to multiple IPs being assigned to one endpoint.

And eventually the IP pool to be used up.

workaround are:

# execute vpn sslvpn list > exe vpn sslvpn del-tunnel <missing index
[or]
# execute vpn sslvpn del-al

If you are still reading this then please reply back to confirm the issue got resolved after upgrading to the latest 6.0. release which is currently 6.0.16.

Regards

Fortigate 200D gives multiple external IP addresses to one client

Nominate a Forum Post for Knowledge Article Creation