Kpax
New Contributor

Is there a way to see VPN connection drops?

Greetings,

 

I am using a Fortigate 90D with version 5.2.3, and have created 30 users.

For some reason, I notice that when more than 10+ users are connected, the connection becomes unstable, which means users experience disconnections.

I checked Auto Connect, Always Up (Keep Alive) and Never Logout Inactive Users

but the issue still persists.

I managed to see this via Logs & Report > Event Log > VPN or User (User xxx succeeded in logout, or login)

Is there any way to see which connection is dropped and the reason for that?

Also, users stay logged on with a new IP; this could be because of Never Logout Inactive Users

 

 

 

Thanks in advance,

Kpax

 

 

emnoc
Esteemed Contributor III

10+ users might be stressful on a FGT90D. Just how much traffic is on the internet link, and do you have split tunnel?

This might be helpful:

 

http://socpuppet.blogspot.com/2015/12/sslvpn-diag-commands-fortios.html

 

PCNSE 

NSE 

StrongSwan  

Kpax
New Contributor

Hey Emnoc,

 

According to the data sheet, 200 users, and throughput is 35Mbps.

Users usually connect via FortiClient for mobile (Android) and then work with an ERP API application which transfers file(s),

most of the time a few KB, as you can see, and in some cases when they connect for a few hours it grows.

Yes, they are configured with split tunneling.

If I divide the users into small groups of 5 each, do you think it will help?

Thanks in advance,

Kpax

 

 

 

 

Kpax
New Contributor

::update::

 

When I looked deeper into this matter, I noticed that when users are using the VPN, they are also using 'other personal stuff' (e.g. radio streaming, WhatsApp, Skype, Waze, etc.), and probably this is my bottleneck (35Mbps), and why we are experiencing disconnections after 10+ concurrent sessions.

I will remove the split-tunneling, because all their traffic comes in while they are connected.

I should create another policy to allow them Internet with a different range without split-tunneling.

Will update later on the outcome.

Thanks Emnoc for the SSLVPN diag commands for FortiOS, very useful ;)

 

Thanks in advance,

Kpax

 

 

 

Kpax
New Contributor

::update::

 

As I removed the split-tunneling, there was no internet connection for the users.

I added another policy for ssl-vpn Internal/Wan and internet is back.

After this change I notice the Volume Traffic jumps to high MB.

Does this setup (with split-tunneling not marked) mean users are getting their internet services via their service provider, or is the traffic still running via the Fortigate device?

 

Thanks in advance, Kpax

 

JohnAgora

Kpax wrote:

::update::

 

As I removed the split-tunneling, there was no internet connection for the users.

I added another policy for ssl-vpn Internal/Wan and internet is back.

After this change I notice the Volume Traffic jumps to high MB.

Does this setup (with split-tunneling not marked) mean users are getting their internet services via their service provider, or is the traffic still running via the Fortigate device?

 

Thanks in advance, Kpax

When split tunneling is NOT enabled ALL traffic goes through the VPN (via the Fortigate device).

It is more secure, anyhow you need more resources and the users may complain of slow Internet (latency).

Kpax
New Contributor

::SOLVED::

 

After the changes above, users report sessions are more stable, without disconnection.

Thanks again.

 

Thanks in advance, Kpax

 

JohnAgora
Contributor

You should check the name of your VPN. Long names allow less users: http://kb.fortinet.com/kb....do?externalID=FD31562

Kpax
New Contributor

JohnAgora wrote:

You should check the name of your VPN. Long names allow less users: http://kb.fortinet.com/kb....do?externalID=FD31562

didn't know that ;), thanks mate...I changed that

 

Thanks in advance,

Kpax
