Is there a command to check or change the lease period of ssl vpn ip address?
I got an IP address reception error on an ssl vpn connection. There is still room in the ssl vpn address.
In the past, the lease period when connecting has not expired, so I think it will result in an error.
FortiGate80E v6.2.3
Check "get vpn ssl monitor" and see the second half under "SSL VPN sessions". That would show you the all IP addresses held by sessions.
If FortiClient is "disconnect"ed properly the session on the FGT side should be terminated and the IP is released. But if the FortiClient is closed without a disconnect, it's still up until idle timer ("set idle-timeout" under "config vpn ssl settings") times out. So you can control those dormant sessions from holding IPs by adjusting the timer.
I would like to know more about this lease period VPN. Would you mind sharing more details? Thank you so much!
As I said it lasts only the tunnel is up.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.