I used the "set admin-concurrent disable" command in a FG with 5.4.2 and it seems that it doesn't work as I was expecting. According to the FortiOS handbook, with this command:
"[style="background-color: #ffff00;"]you can disallow concurrent administrative access using the same administrator user name.[/style]
[style="background-color: #ffff00;"]This allows only one session with the same username even if it is from the same IP[/style]."
However, the behavior I experienced was totally different: I opened one web session as admin and another as userxyz. The I tried to open a new session as userxyz again. The system refused with an "Authentication failure" message. So far so good. BUT the system also kicked me out from the first two sessions I had already opened (admin and userxyz) and I could't reconnect for a while, because of "too many login failures".
This is not the behavior was expecting according to the official documentation above. Am I hitting on some bug or something, or is this how this feature is supposed to work?