Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dasilva13
New Contributor

Created on ‎08-11-2014 12:52 PM

VPN stops working - need reboot of entire system

Has anyone else had issues with SSLVPN service just stop working? And the only way to have it work again is to reboot entire FortiGate? My users would complain about VPN not working, and then I would try to get to port :10443 and it would not go through. After reboot it would come back up and work normally for some time. does not mention conserve mode, and I have had it happen on all versions from 60c to 100d.
35639
0 Kudos
17 REPLIES 17
Carl_Wallmark
Valued Contributor

Created on ‎09-25-2014 01:13 AM

Hi Chris, This was good info, but I dont get the numbers. This is from a FG100D Gen3. I have 1 user connected, and the " Maximum Users" says 7 ? and " Tunnels" 4 ? It must be calculating it wrong ? SSLVPN statistics: ------------------ Memory unit: 1 System total memory: 4148420608 System free memory: 3388563456 SSLVPN memory margin: 314572800 SSLVPN state: normal Max number of users: 7 Max number of tunnels: 4 Max number of connections: 10 Current number of users: 1 Current number of tunnels: 1 Current number of connections: 1

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
1603
0 Kudos
Christopher_McMullan
Staff
Staff
In response to Carl_Wallmark

Created on ‎09-25-2014 05:41 AM

Maximum users includes both tunnel- and web-mode users, so a smaller number of tunnels is possible before the available memory is exhausted. The daemon is currently in a normal state. If the problem happens again, run the command while it' s still going on, and see how the numbers compare to this baseline.

Regards, Chris McMullan Fortinet Ottawa

1603
0 Kudos
Carl_Wallmark
Valued Contributor

Created on ‎09-25-2014 06:13 AM

So you mean that 7 concurrent users is the maximun number of users before it is going into conserve mode?

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
1603
0 Kudos
Christopher_McMullan
Staff
Staff
In response to Carl_Wallmark

Created on ‎09-25-2014 07:44 AM

Based on current available memory, yes. If more memory is freed up, you should see this number increase.

Regards, Chris McMullan Fortinet Ottawa

1603
0 Kudos
neonbit
Valued Contributor

Created on ‎09-25-2014 06:27 PM

Hi Chris, Surely a 100D should be able to support more than 7 concurrent SSLVPN users? The datasheets say that the recommended ssl vpn users for the 100D is 300. Even if only 10% of these users are connecting at the same time that would be 30; more than 4 times the maximum concurrent users the memory says it can handle. I just ran this on our FG110C and can see the maximum users is 3. I hope this isn' t correct...
1603
0 Kudos
Carl_Wallmark
Valued Contributor

Created on ‎09-26-2014 12:21 AM

Yes, there must be something wrong with those numbers. Perhaps it is allocating more memory when it reaches the maximum users, but then the word " maximum" is wrong.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
1603
0 Kudos
netmin
Contributor II
In response to Carl_Wallmark

Created on ‎09-26-2014 03:20 AM

I think ' max concurrent ... (seen)' would better fit these numbers.
1603
0 Kudos
Christopher_McMullan
Staff
Staff
In response to netmin

Created on ‎09-26-2014 05:21 AM

Could be. There' s a large ' AFAIK' around this command.

Regards, Chris McMullan Fortinet Ottawa

1603
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.