Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
pierrec
New Contributor II

Created on ‎03-28-2022 02:21 AM

VPN SSL not using all range

Hi,

I'm having an issue with one of my VPN portals.

I have a range of 20IP available for 5 accounts, so more than enough.

The range is from 10.3.0.78 to 10.3.0.99. Today, users get the IP from 10.3.0.97-99 when connecting.

When a fourth user try to connect, he get the error no more IP available.

If I'm looking the range usage over the last mounth, the fotigate gradually gave IP towards the end of the range. (all capture are anonymised)

pierrec_1-1648458026628.png

I'm using a 1500D in 6.0.14.

Over 50 portals for diverse clients, this is the only one with this issue.

Here is the configuration :

  • Portal :

pierrec_3-1648458418734.png

  • VPN Settings :

pierrec_4-1648458788312.png

  • Policy :

pierrec_5-1648458948428.png

 

 

Labels:
1341
0 Kudos
3 REPLIES 3
jintrah_FTNT
Staff
Staff

Created on ‎03-29-2022 02:33 AM

Hello there,

 

The symptoms appears to match a known issue #745499 resolved in 6.2.10 FortiOS Release Notes | FortiGate / FortiOS 6.2.10 | Fortinet Documentation Library , hence you may want to upgrade and check the behaviour or open a FortiCare ticket for issue validation before further actions.

 

Best regards,

Jin

1270
0 Kudos
pierrec
New Contributor II
In response to jintrah_FTNT

Created on ‎03-31-2022 02:28 AM

It's true that this issue could match with my problem.

What's weird is that this is the only portal doing that over 50 portals.

Is it possible that it's the forticlient the user use that is doing this ?

To temporarly bypass this problem, I've affected a new range of 254 IP. They are already not using the 2-3 first IPs.

 

What's sure is that I can't upgrade the firewall now only for this issue.

1261
0 Kudos
jintrah_FTNT
Staff
Staff
In response to pierrec

Created on ‎03-31-2022 02:37 AM

Hi,

The issue which I mentioned is not related to FortiClient. Good that you increased the range so that IP addresses are available for lease. Another option may be to release stale connections using #exec vpn sslvpn del-tunnel <tunnel index> , so the IP can be reused.

 

best regards,

Jin

1258
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.