condor
New Contributor

SSL VPN unused active connections

 

Hi, there are users' unused active connections in the SSL VPN service. (Please see image attached)

 

We have activated the option "Limit Users to One SSL-VPN Connection at a Time" but there are still unused active connections. We have 3rd-party and official FortiClients.

 

Any ideas where the problem is?

 

Thanks

lobstercreed
Valued Contributor

The left side is cut off but aren't you looking at the IPSEC VPN connections? Based on the tunnels shown it doesn't look like SSL-VPN at all. You mention 3rd party and FortiClient, and afaik you can't use 3rd party for SSL-VPN anyway
condor

 

Hi, it is an SSL VPN connection (see image at link: https://ibb.co/M9xm9qR)

 

The help desk guys tried 3rd-party clients for Linux SUSE and they work. Today I still have the unused active connections problem.

 

Thanks for the reply,

rwpatterson
Valued Contributor III

How do you know that they are unused?

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

lobstercreed

Interesting.  The only thing that occurs to me is you might want to check your SSL-VPN Portals to make sure the users with multiple connections aren't matching a different portal that *doesn't* limit to 1 simultaneous connection.  We have the setting enabled on some portals but not others, so it depends who the user is, but as far as I know it works correctly and is enforced by the FortiGate.

condor

 

Hi all, thanks for helping. Some tests:

A) In Linux

1) Take a user and delete all connections
2) Connect to the VPN and try to connect again, but it is not permitted, because it allows one user per connection.

B) In Windows

1) Connect to the VPN; it shows 6 connections (I just started the OS)
2) Kill all connections
3) Connect to the VPN again and it shows only one connection
4) Try to connect again but it is not permitted

 

C) How do I know that they are unused?

I'm not completely sure, but the host responds only on one IP address, and shows one IP address in the OS.

 

D) SSL-VPN Portals

This specific user matches one portal that allows one connection.

Other users can establish many VPN sessions.

 

I don't know what is wrong, thanks

willy245

I've seen the same thing. I believe it started happening when I upgraded to 6.0.13, but am not certain. I have connected to the VPN myself and see multiple connections. I had to increase the number of IP addresses available for the VPN to use. I don't have the one connection limit per user, but have never seen multiple connections before when looking at the SSL/VPN monitor

condor

 

Thanks for the reply, same thing; the version of the FW is v6.0.7

sassonie

Can someone explain to me why the above post is marked as resolved? I have the same problem with FortiOS v5.6.8.
Sometimes users have as many as 13 ip addresses in use while I have checked the 'Limit Users to One SSL-VPN Connection at a Time' checkbox. Of course I can make the ip range larger and larger, but that is not the right solution from a security point of view.

So I would like to hear what I can do to solve this problem properly.


Kind regards

Edoardo76
New Contributor II

Hi, did you fix it?
