Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fortiGuru
New Contributor

Created on ‎11-23-2021 02:09 AM Edited on ‎11-23-2021 02:10 AM

ssl vpn create multiple IPs on clients, why

We are having problem that some ssl vpn users have several ip tunnel

 

help.png

 

and that's create a problems with clients.

What cause this?

ga.png

 

 

Labels:
5519
0 Kudos
6 REPLIES 6
Anonymous
Not applicable

Created on ‎11-25-2021 11:42 AM

Hello fortiGuru,

 

                     Thanks for reaching Fortinet Forum. Please make sure "Limit users to One SSL-VPN connection at a time" is enabled on the respective portal. If yes please provide the following information

 

- What is the firmware version of the firewall and the forticlient in question?

 

- Under the SSL-VPN monitor do you see this issue for all the users who connect?

 

- Also please collect the output for the following commands

 

#diagnose vpn ssl statistics all

#get vpn ssl monitor

 

 

 

5416
0 Kudos
hmogal
Staff
Staff

Created on ‎11-25-2021 02:44 PM

Hi FortiGuru,
"Limit users to One SSL-VPN connection at a time" ... this is one of the solutions.
Find out if user logins in using multiple devices.
Each Forticlinet should have 1 x IP address on the adapter.

Himanshu Mogal

5407
0 Kudos
fortiGuru
New Contributor

Created on ‎12-02-2021 11:23 AM

Thanks for replies. That option in portal is enabled.

Users use only 1 device per forticlient.
Firewall is:

 

FortiGate 200F
v6.4.4 build5543 (GA)
 
FortiClient is not a problem, we used from newest to earlier versions (from now), and still having problems.

command:

diagnose vpn ssl statistics all
SSLVPN statistics (all vdoms):
------------------
Memory unit: 1
System total memory: 8366841856
System free memory: 4799143936
SSLVPN memory margin: 629145600
SSLVPN state: normal

Max number of users: 30
Max number of tunnels: 30
Max number of connections: 31

Current number of users: 11
Current number of tunnels: 11
Current number of connections: 11

 

forti ssl.png

5348
0 Kudos
WalterNet
New Contributor

Created on ‎01-20-2022 10:51 AM

Did you manage to get this resolved?

4916
0 Kudos
btan
Staff
Staff

Created on ‎01-20-2022 04:46 PM

Hello,

 

You may try using below command:
# config system global
    set policy-auth-concurrent 1
end

Refer: https://community.fortinet.com/t5/FortiGate/Technical-Tip-policy-auth-concurrent-system-global-comma...

Since you are on FortiOS 6.4.4, you can also try upgrade to FortiOS 6.4.6 to see if it hit this known bug.

 

 

Regards,
Bon
4879
0 Kudos
ReseauSL
New Contributor

Created on ‎01-25-2022 10:16 AM

I had that same new problem intermitent with a few of my customers running 6.0.14 or 5.6.11. The Fortigate seem to keep in memory the IP address of the previous connections from that same user, doesnt clear his cache.

4819
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.