Cybersecurity Forum


PC
New Contributor III

Limit Concurrent Total SSL VPN Users

From what I can see there is not a way to limit concurrent VPN users. I am looking for a setting on the FortiGate that would say only 20 VPN users can be connected at a time. I see the settings per user. Just wanted to see if I am missing an option. Thanks

1 Solution
rmoussa

You can simply create an IP pool with 20 IPs for the SSL VPN users. This way only 20 users can be connected at the same time.

Rony Moussa

NSE Certified : Level 8

6 Replies
TonyTaylor
New Contributor

I believe you “could” break out rules with user groups and user concurrency limits that would limit users to 20 per group/rule, but this would be an admin nightmare. Not sure there is a way to limit this globally…as in 20 total at any given time.

What is the problem you are actually trying to resolve? The FGTs can handle quite a bit.

/t

PC
New Contributor III

Thanks Tony. We are looking to duplicate a prior firewall setup that is tied to billing. The client paid for 20 concurrent VPN users on the old firewall as that was tied to a license. Trying to see how closely I can duplicate that setup. 

TonyTaylor
New Contributor

….assuming as in an MSSP model. There may be something that can be done on the RADIUS side… such as with FortiAuth and the API. But I do not think you can do this in FortiOS directly. Maybe someone else can fill us in.

/t

PC
New Contributor III

Exactly. Thanks, and I have been looking at RADIUS, just wanted to make sure I wasn't making it more complex than needed.

rmoussa

You can simply create an IP pool with 20 IPs for the SSL VPN users. This way only 20 users can be connected at the same time.

Rony Moussa

NSE Certified : Level 8

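The IP-pool approach from the accepted answer, written out as FortiOS CLI. This is an added example, not part of the original posts; the object name `SSLVPN_POOL_20` and the address range are constructed, and it assumes tunnel-mode SSL VPN with the portal named `tunnel-access` (also an assumption).

```fortios
# Constructed example: a 20-address range object used as the SSL VPN tunnel pool.
# Object name and addresses are placeholders; pick a range that is routed
# back to the FortiGate and does not overlap any internal subnet.
config firewall address
    edit "SSLVPN_POOL_20"
        set type iprange
        set start-ip 10.212.134.1
        set end-ip 10.212.134.20
    next
end

# Make the 20-address object the only tunnel pool at the global level.
config vpn ssl settings
    set tunnel-ip-pools "SSLVPN_POOL_20"
end

# A portal that sets its own pool must point at the same object,
# otherwise its users draw addresses from a different range.
config vpn ssl web portal
    edit "tunnel-access"
        set tunnel-mode enable
        set ip-pools "SSLVPN_POOL_20"
    next
end
```

Only tunnel-mode sessions take an address from the pool, so web-mode portal logins are not counted by this cap. Once all 20 addresses are leased, further tunnel connections fail at address assignment rather than at authentication, which is worth knowing when reading the VPN event log.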
PC
New Contributor III

That is brilliant! Thanks