sagha
Staff
Article Id 194563
Description
This article describes how to configure and check the maximum number of SSL VPN users and dial up VPN tunnels allowed per VDOM.

Solution
In order to check the maximum number of SSL VPN users and dial up VPN tunnels that a FortiGate can support for VPN, one needs to check the data sheet of that particular unit.

As an example for FortiGate-500E:
https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_500E.pdf

However, to improve performance in certain deployments that use VDOMs, there is an option to limit the SSL VPN users and dial up VPN tunnels to a maximum number per VDOM.

Default configuration.

By default, no limit is set on a VDOM.
# config global
# config system vdom-property
    edit "test_VDOM"
        set description "property limits for vdom test_VDOM"
        set snmp-index 2
    next
end
SSL VPN user and IPsec dialup tunnel limits can be defined as follows:
# config global
# config system vdom-property

    edit "test_VDOM"
        set sslvpn 200
        set dialup-tunnel 300
    end
end
The configured limits and the current usage can be checked using the following command:
# diag sys vdom-property
Resource for vdom test_VDOM: Current, Guaranteed, Maximum
dialup-tunnel: 3, 0, 300
sslvpn: 1, 0, 200
- There are currently 3 connected dialup tunnels, with a maximum of 300 allowed.
- There is currently 1 connected SSL VPN user, with a maximum of 200 allowed.
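To monitor how close each VDOM is to its configured cap, the output of the command above can be parsed and compared against the Maximum column. The following is an added example, not Fortinet code: the sample text is constructed, the function names are hypothetical, and it assumes that several VDOMs appear one after another in the same format and that a Maximum of 0 means no per-VDOM limit is configured.

```python
import re

# Constructed sample in the format shown above (values are illustrative).
SAMPLE = """\
Resource for vdom test_VDOM: Current, Guaranteed, Maximum
dialup-tunnel: 3, 0, 300
sslvpn: 190, 0, 200
Resource for vdom root: Current, Guaranteed, Maximum
dialup-tunnel: 12, 0, 0
sslvpn: 4, 0, 0
"""

HEADER = re.compile(r"^Resource for vdom (\S+):")
ROW = re.compile(r"^([\w-]+):\s*(\d+),\s*(\d+),\s*(\d+)\s*$")

def parse_vdom_property(text):
    """Return {vdom: {resource: (current, guaranteed, maximum)}}."""
    usage, vdom = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            vdom = header.group(1)
            usage[vdom] = {}
            continue
        row = ROW.match(line)
        if row and vdom is not None:
            name, *nums = row.groups()
            usage[vdom][name] = tuple(int(n) for n in nums)
    return usage

def near_limit(usage, resources=("sslvpn", "dialup-tunnel"), threshold=0.9):
    """List (vdom, resource, current, maximum) at or above threshold of the cap."""
    alerts = []
    for vdom, rows in usage.items():
        for name in resources:
            if name not in rows:
                continue
            current, _guaranteed, maximum = rows[name]
            # Assumption: a maximum of 0 means no per-VDOM limit is configured.
            if maximum > 0 and current >= threshold * maximum:
                alerts.append((vdom, name, current, maximum))
    return alerts

if __name__ == "__main__":
    for vdom, name, cur, cap in near_limit(parse_vdom_property(SAMPLE)):
        print(f"{vdom}: {name} at {cur}/{cap}")
```
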

Related Article.
https://help.fortinet.com/cli/fos60hlp/60/Content/FortiOS/fortiOS-cli-ref/config/system/vdom-propert...
