Technical Tip: Limiting the maximum number of SSL VPN users and dial up VPN tunnels allowed per VDOM

sagha · ‎05-20-2020

Description
This article describes how to configure and check the maximum number of SSL VPN users and dial up VPN tunnels allowed per VDOM.

Solution
In order to check the maximum number of SSL VPN users and dial up VPN tunnels that a FortiGate can support for VPN, one needs to check the data sheet of that particular unit.

As an example for FortiGate-500E:
https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_500E.pdf

However, to improve performance in certain deployments with usage of VDOMs, there is an option to limit the SSL VPN users and dial up VPN tunnels to a maximum number per VDOM.

Default configuration.

By default, no limit is set on VDOM.

# config global
# config system vdom-property
     edit "test_VDOM"
        set description "property limits for vdom test_VDOM"
        set snmp-index 2
   next
end

SSL VPN users and IPsec dialup limits can be defined as follow:

# config global
# config system vdom-property
    edit "test_VDOM"
        set sslvpn 200
        set dialup-tunnel 300
    end
end

The values for limitation can be checked using the following command:

# diag sys vdom-property
Resource for vdom test_VDOM: Current, Guaranteed, Maximum
dialup-tunnel: 3, 0, 300
sslvpn: 1, 0, 200

- The current connected dialup-tunnels are 3 with maximum of 300 allowed.
- The current ssl vpn connected users are 1 with maximum of 200 allowed.

Related Article.
https://help.fortinet.com/cli/fos60hlp/60/Content/FortiOS/fortiOS-cli-ref/config/system/vdom-propert...

Technical Tip: Limiting the maximum number of SSL VPN users and dial up VPN tunnels allowed per VDOM

You are leaving our website