Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

L2TP/IPSEC trouble with concurrent sessions

Hello! I have two Fortigate-100D OS 5.6 working in cluster and configured with enabled VDOMs.

Users created in Radius and Fortigate successfully auth it, L2TP/IPSEC working fine.

I need to limit one sessions per user. For example user can connect to VPN from account on smartphone and on PC, but our purpoise to do only 1 active connection per user, that belong to Radius usergroup. Is option on fortigate to do it?


Also I try to use options, that allow users can connect to VPN from same external IP. Users from remote office with NAT (with same external IP) need to connect our VPN. I set up for my Radius-vpn group auth-concurrent-override enable and limit it to 50 sessions - set auth-concurrent-value 50, but it does not work. When first user connected to VPN, second user after succsessfull connection knocks out established first user. Why?

config vdom
edit vdomvpnname
config user group


        set auth-concurrent-override enable

        set auth-concurrent-value 50

        set member "Radius_server"



Also I show my global config, this I also add rule set policy-auth-concurrent 50 - but it also no effect:


config system global
    set admintimeout 20
    set disk-usage log
    set hostname "fortigatecluster1"
    set policy-auth-concurrent 50
    set switch-controller enable
    set timezone 83
    set vdom-admin enable

Thank you for help.

New Contributor

Colleagues, does someone have solutions to the problem?

New Contributor

The question is still relevant, please help.

New Contributor



I have the same problem, people disconnect other people when connecting, seem to have a max connection somewhere...

here, my max seems to be 4 people... so very low number and it is blocking

any help ?


Esteemed Contributor III

If your user group, I would check for concurrent user values



config user group edit "dialup" set auth-concurrent-override enable set auth-concurrent-value 10

set member local1 local2 grp101 next end



Ken Felix