Hello! I have two Fortigate-100D OS 5.6 working in cluster and configured with enabled VDOMs.
Users created in Radius and Fortigate successfully auth it, L2TP/IPSEC working fine.
I need to limit one sessions per user. For example user can connect to VPN from account on smartphone and on PC, but our purpoise to do only 1 active connection per user, that belong to Radius usergroup. Is option on fortigate to do it?
Also I try to use options, that allow users can connect to VPN from same external IP. Users from remote office with NAT (with same external IP) need to connect our VPN. I set up for my Radius-vpn group auth-concurrent-override enable and limit it to 50 sessions - set auth-concurrent-value 50, but it does not work. When first user connected to VPN, second user after succsessfull connection knocks out established first user. Why?
config user group
set auth-concurrent-override enable
set auth-concurrent-value 50
set member "Radius_server"
Also I show my global config, this I also add rule set policy-auth-concurrent 50 - but it also no effect:
config system global
set admintimeout 20
set disk-usage log
set hostname "fortigatecluster1"
set policy-auth-concurrent 50
set switch-controller enable
set timezone 83
set vdom-admin enable
Thank you for help.