fortiGuru
New Contributor

SSL VPN creates multiple IPs on clients, why?

We are having a problem where some SSL VPN users have several IP tunnels, and that creates problems with clients.

What causes this?

Anonymous
Not applicable

Hello fortiGuru,

Thanks for reaching out to the Fortinet Forum. Please make sure "Limit users to One SSL-VPN connection at a time" is enabled on the respective portal. If yes, please provide the following information:

- What is the firmware version of the firewall and the FortiClient in question?

- Under the SSL-VPN monitor, do you see this issue for all the users who connect?

- Also, please collect the output of the following commands:

#diagnose vpn ssl statistics all

#get vpn ssl monitor
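
Added example, not part of the original thread and not Fortinet tooling: once the `get vpn ssl monitor` output requested above has been saved, a short script can list the users who hold more than one tunnel IP. The sample text, its column layout and the function names are assumptions made for illustration; the layout can differ between FortiOS versions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample, not output from the poster's firewall. The column layout of
# "get vpn ssl monitor" is an assumption here and can differ between FortiOS versions.
SAMPLE_MONITOR = """\
SSL VPN Login Users:
 Index   User    Group       Auth Type   Timeout   From           HTTP in/out   HTTPS in/out
 0       alice   vpn-users   1(1)        292       198.51.100.7   0/0           0/0
 1       bob     vpn-users   1(1)        120       203.0.113.9    0/0           0/0

SSL VPN sessions:
 Index   User    Group       Source IP      Duration   I/O Bytes     Tunnel/Dest IP
 0       alice   vpn-users   198.51.100.7   3600       22099/43228   10.212.134.200
 1       alice   vpn-users   198.51.100.7   95         1200/800      10.212.134.201
 2       bob     vpn-users   203.0.113.9    410        5100/9200     10.212.134.202
"""

def tunnel_ips_by_user(monitor_text):
    """Map each user to the set of tunnel IPs listed under 'SSL VPN sessions:'."""
    tunnels = defaultdict(set)
    in_sessions = False
    for line in monitor_text.splitlines():
        stripped = line.strip()
        if stripped.endswith(":"):
            # Section header; only the sessions table carries tunnel IPs.
            in_sessions = stripped.lower().startswith("ssl vpn sessions")
            continue
        fields = stripped.split()
        # Data rows start with a numeric index; this skips the column header and blanks.
        if not in_sessions or len(fields) < 3 or not fields[0].isdigit():
            continue
        try:
            # Last column is the tunnel IP; reading from the end tolerates an empty Group.
            tunnel_ip = ipaddress.ip_address(fields[-1])
        except ValueError:
            continue  # no parsable tunnel IP on this row: nothing to record
        tunnels[fields[1]].add(str(tunnel_ip))
    return dict(tunnels)

def users_with_multiple_tunnels(monitor_text):
    """Return {user: sorted tunnel IPs} for users holding more than one tunnel IP."""
    return {user: sorted(ips)
            for user, ips in tunnel_ips_by_user(monitor_text).items() if len(ips) > 1}

if __name__ == "__main__":
    for user, ips in users_with_multiple_tunnels(SAMPLE_MONITOR).items():
        print(f"{user}: {len(ips)} tunnel IPs -> {', '.join(ips)}")
```

Running it against captures taken a few minutes apart shows whether the extra entries for a user persist after that user reconnects.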


hmogal
Staff

Hi FortiGuru,
"Limit users to One SSL-VPN connection at a time" ... this is one of the solutions.
Find out if the user logs in using multiple devices.
Each FortiClient should have 1 x IP address on the adapter.

Himanshu Mogal

fortiGuru
New Contributor

Thanks for the replies. That option in the portal is enabled.

Users use only 1 device per FortiClient.
Firewall is:

FortiGate 200F
v6.4.4 build5543 (GA)

FortiClient is not the problem; we have used versions from the newest to earlier ones (from now), and are still having problems.

Command:

diagnose vpn ssl statistics all
SSLVPN statistics (all vdoms):
------------------
Memory unit: 1
System total memory: 8366841856
System free memory: 4799143936
SSLVPN memory margin: 629145600
SSLVPN state: normal

Max number of users: 30
Max number of tunnels: 30
Max number of connections: 31

Current number of users: 11
Current number of tunnels: 11
Current number of connections: 11

 


WalterNet
New Contributor

Did you manage to get this resolved?

btan
Staff

Hello,

You may try using the command below:
# config system global
    set policy-auth-concurrent 1
end

Refer: https://community.fortinet.com/t5/FortiGate/Technical-Tip-policy-auth-concurrent-system-global-comma...

Since you are on FortiOS 6.4.4, you can also try upgrading to FortiOS 6.4.6 to see if it hits this known bug.

Regards,
Bon

ReseauSL
New Contributor

I had that same new problem intermittently with a few of my customers running 6.0.14 or 5.6.11. The FortiGate seems to keep in memory the IP address of the previous connections from that same user; it doesn't clear its cache.
