Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Mirza_Asad2723
New Contributor III

Created on ‎03-27-2025 03:51 AM

can i set Limit on a specific user to One SSL-VPN Connection at a Time.

Dear Concern,

 

I want to set a limit on a specific SSL-VPN user so that this user can establish multiple connections at the same time. For example, User A should be able to establish SSL-VPN connections from two different laptops at a time using FortiClient.

 

If I configure it via GUI: VPN > SSL-VPN Portals, edit the SSL-VPN Portal, and enable "Limit Users to One SSL-VPN Connection at a Time", this restriction applies to all users, preventing multiple connections for everyone. However, I want to remove this restriction only for a specific user while keeping it enabled for others.

How can I achieve this? Please share the configuration steps.

 

Waiting for your valuable response.

Labels:
202
0 Kudos
1 Solution
Mirza_Asad2723
New Contributor III

Created on ‎04-03-2025 08:49 PM

Dear All,

I found the solution to allow multiple SSL-VPN connections for a Specific User via GUI in FortiGate-201F (v7.6.2 build 3462).

 

Step 1: Create a New User Group (for the specific user)

  1. Log in to the FortiGate GUI.
  2. Navigate to: User & Authentication > User Groups
  3. Click Create New.
  4. Set Group Name: Multiple-SSLVPN-Users
  5. In the Members section, select the specific user (e.g., User_A).
  6. Click OK.

Step 2: Create a New SSL-VPN Portal (dedicated to the specific user)

  1. Go to: VPN > SSL-VPN Portals
  2. Click Create New.
  3. Set Portal Name: Multiple-Connections-Allowed
  4. Uncheck the option “Limit Users to One SSL-VPN Connection at a Time”.
  5. Configure other portal settings as required (e.g., tunnel mode, split tunneling, IP pools, bookmarks, etc.).
  6. Click OK.

Step 3: Update SSL-VPN Settings

  1. Navigate to: VPN > SSL-VPN Settings
  2. Scroll down to the Authentication/Portal Mapping section.
  3. Click Create New.
  4. Under Groups, select Multiple-SSLVPN-Users.
  5. Under Portal, select Multiple-Connections-Allowed.
  6. Click OK.
  7. Ensure that other users/groups are mapped to a default portal where “Limit Users to One SSL-VPN Connection at a Time” is enabled.

Final Step: Apply Configuration

  1. Click Apply on the SSL-VPN Settings page.
  2. Test the configuration:
    • The specific user (User_A) should now be able to connect from multiple devices simultaneously.
    • All other users will remain restricted to a single SSL-VPN session at a time.

 

View solution in original post

133
0 Kudos
3 REPLIES 3
adambomb1219
SuperUser
SuperUser

Created on ‎03-27-2025 05:46 AM

I'm not aware of a way to configure this locally on the FortiGate for a specific user.  You may be able to use a RADIUS server to allow this.

185
ametkola
Staff
Staff

Created on ‎03-31-2025 03:16 AM

Hello @Mirza_Asad2723 ,

 

Limit Users to One SSL-VPN Connection at a Time -- is an option that on Fortigate can be modified under the SSL VPN settings and has the effect for all of the users. There is no other option that you can do individually for each user on firewall, this option can be done probably on the authentication server.

 

 

157
Mirza_Asad2723
New Contributor III

Created on ‎04-03-2025 08:49 PM

Dear All,

I found the solution to allow multiple SSL-VPN connections for a Specific User via GUI in FortiGate-201F (v7.6.2 build 3462).

 

Step 1: Create a New User Group (for the specific user)

  1. Log in to the FortiGate GUI.
  2. Navigate to: User & Authentication > User Groups
  3. Click Create New.
  4. Set Group Name: Multiple-SSLVPN-Users
  5. In the Members section, select the specific user (e.g., User_A).
  6. Click OK.

Step 2: Create a New SSL-VPN Portal (dedicated to the specific user)

  1. Go to: VPN > SSL-VPN Portals
  2. Click Create New.
  3. Set Portal Name: Multiple-Connections-Allowed
  4. Uncheck the option “Limit Users to One SSL-VPN Connection at a Time”.
  5. Configure other portal settings as required (e.g., tunnel mode, split tunneling, IP pools, bookmarks, etc.).
  6. Click OK.

Step 3: Update SSL-VPN Settings

  1. Navigate to: VPN > SSL-VPN Settings
  2. Scroll down to the Authentication/Portal Mapping section.
  3. Click Create New.
  4. Under Groups, select Multiple-SSLVPN-Users.
  5. Under Portal, select Multiple-Connections-Allowed.
  6. Click OK.
  7. Ensure that other users/groups are mapped to a default portal where “Limit Users to One SSL-VPN Connection at a Time” is enabled.

Final Step: Apply Configuration

  1. Click Apply on the SSL-VPN Settings page.
  2. Test the configuration:
    • The specific user (User_A) should now be able to connect from multiple devices simultaneously.
    • All other users will remain restricted to a single SSL-VPN session at a time.

 

134
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.