FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
mforbes
Staff
Staff

Description
This article shows how to disconnect a FortiClient established VPN tunnel, when a secondary user logs in to the same shared workstation.

Scope
FortiClient 5.4, 5.6
FortiClient EMS 1.2

Solution

Enable the '<single_user_mode>' tags in the XML settings of the VPN tunnel. After enabling it, any established VPN tunnel will disconnect if a secondary user logs in to the same workstation. The tag location varies according to the type of tunnel.
 
FortiClient Standalone
 

1) Open the FortiClient console
2) From the menu select: File/Settings/
3) Take a backup
4) Edit the XML settings
5) Enable <single_user_mode> as follows  (depends on tunnel)
6) Save
7) Go back to File/Settings/
8) Restore
SSL VPN IPSec
<sslvpn>
    <connections>
        <connection>
            <name>
                <![CDATA[172.17.97.155_SSL]]>
            </name>
            <server>172.17.97.155:10443</server>
          <prompt_certificate>0</prompt_certificate>
            <prompt_username>1</prompt_username>
            <single_user_mode>1</single_user_mode>
            </connection>
    </connections>
</sslvpn>
<ipsecvpn>
    <connections>
       <connection>
           <name><![CDATA[IPSec]]></name>
           <type>manual</type>
           <ike_settings>
              <server>172.17.97.155</server>
              <authentication_method>Preshared Key</authentication_method>
              <single_user_mode>1</single_user_mode>
           </ike_settings>
         </ipsec_settings>
      </connection>
   </connections>
</ipsecvpn>
FortiClient Enterprise Management System (EMS)
 

 
1) Edit the profile used
2) Go to the VPN tab
3) Edit the VPN tunnel
4) Select Advanced Settings
5) Enable "Single User Mode"
6) Save Tunnel
7) Save Profile

SSL VPN

mforbes_single user - ssl1.png
 

IPSec VPN

mforbes_single user - ipsec1 .png
 
References


Further information is available in the FortiClient XML reference, in the parts referring to SSL VPN and IPsec VPN, which can be found here.


Syntax

XML Tag <single_user_mode>
Description Enable or disable single user mode. If enabled, new and existing VPN connections cannot be established or will be disconnected if more than one user is logged in.
Boolean value: [0 | 1]
Default Value
0
 
 




Contributors