vrajendran
Staff
Article Id 192071

Description

 

This article explains the 'policy-auth-concurrent' configuration parameter and clarifies its default value.

 

Scope

 

FortiGate.

Solution


The 'policy-auth-concurrent' option under 'config system global' controls whether the same user can be authenticated from multiple source IP addresses at the same time.

 

config system global
    set policy-auth-concurrent (0-100)
end

 

The default value for this setting is '0', meaning there is no limit to the number of source IP addresses that can be associated with a single user.

 

If this value is modified, captive portal and firewall policy authentication prevent a user from authenticating from additional IP addresses once the limit is reached, and display a browser warning.

 


 

For example, if policy-auth-concurrent is set to '1', each user can only be associated with one source IP address at a time. If a user has already been authenticated, future authentication requests for the same user from other source IP addresses will be denied.

 

config system global
    set policy-auth-concurrent 1
end

 

The 'policy-auth-concurrent' setting can be overridden at the user group or user level. When configured at the user or group level, 'auth-concurrent-value' will have precedence over the global 'policy-auth-concurrent' setting.

 

config user local
    edit <name>
        set auth-concurrent-override enable
        set auth-concurrent-value (1-100)
    next
end

config user group
    edit "fortilab_exchange"
        set auth-concurrent-override enable
        set auth-concurrent-value (1-100)
    next
end
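The following audit sketch is an added example, not Fortinet code and not part of the original article. It reads a plain-text configuration backup and reports the concurrent-authentication limit configured globally and on each local user and user group, treating a missing 'policy-auth-concurrent' as the default '0' described above. Assumptions: a non-VDOM backup, constructed sample data, and hypothetical function names. User and group overrides are reported separately because the article does not state which wins when both are set.

```python
# Constructed sample of a FortiGate configuration backup (not from a real device).
SAMPLE = """\
config system global
    set policy-auth-concurrent 2
end
config user local
    edit "alice"
        set auth-concurrent-override enable
        set auth-concurrent-value 1
    next
    edit "bob"
    next
end
config user group
    edit "fortilab_exchange"
        set auth-concurrent-override enable
        set auth-concurrent-value 5
    next
end
"""

def parse_sections(text):
    """Return {top-level table: {entry name ('' if none): {setting: value}}}."""
    sections, stack, entry = {}, [], ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            stack.append(line[7:])
            entry = "" if len(stack) == 1 else entry  # keep entry inside sub-tables
        elif line == "end" and stack:
            stack.pop()
        elif len(stack) == 1 and line.startswith("edit "):
            entry = line[5:].strip('"')
            sections.setdefault(stack[0], {}).setdefault(entry, {})
        elif len(stack) == 1 and line.startswith("set "):  # nested sub-tables skipped
            key, _, value = line[4:].partition(" ")
            sections.setdefault(stack[0], {}).setdefault(entry, {})[key] = value.strip('"')
    return sections

def concurrent_auth_report(text):
    """Map 'global' and each (table, name) to its limit: 0 = no limit, None = value not in backup."""
    cfg = parse_sections(text)
    glob = int(cfg.get("system global", {}).get("", {}).get("policy-auth-concurrent", 0))
    report = {"global": glob}
    for table in ("user local", "user group"):
        for name, s in cfg.get(table, {}).items():
            override = s.get("auth-concurrent-override") == "enable"
            value = s.get("auth-concurrent-value")
            report[(table, name)] = (int(value) if value else None) if override else glob
    return report
```

Entries that report 0 have no limit on the number of source IP addresses per user, which is the case to look for when reviewing a device that relies on captive portal or firewall policy authentication.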

 

Notes: