How to Fix FortiGate SSL VPN multiple active connections [Guide]

In this article, we discuss how to fix FortiGate SSL VPN multiple active connections and how to create multiple SSL VPN in FortiGate on your device. Easy steps/methods are provided below. Let's start the discussion.

What is Fortinet FortiGate?

Fortinet is a pioneer of secure networking whose products are designed to converge networking and security and to scale to locations including remote offices, branches, campuses, data centers and the cloud. FortiGate is Fortinet's firewall product, which provides deep visibility and security in a variety of form factors, including container firewalls, virtual firewalls and appliances. FortiGate devices are next-generation firewalls (NGFW) designed to protect organizations against web-based network threats.

FortiGate firewalls integrate with FortiGuard Labs security services to extend and strengthen an organization's overall security efforts from the network edge to the core. FortiGate protects company networks from malware and security exploits, uses security processor technology to drive security performance, provides a multitude of flexible networking capabilities and integrations, and offers security teams a management console for building security automations and monitoring security performance.

‘FortiGate SSL VPN multiple active connections’ issue:

Several Fortinet FortiGate users have reported unusual activity in which the FortiGate SSL VPN shows multiple active connections for a single user. They noticed multiple active connections for single users under the 'SSL – VPN Monitoring' tool, which is not possible as per the FortiGate documentation. On the other hand, the CLI shows that there is only 1 active tunnel connection per user.

Some users reported that this issue can be fixed by limiting users to one SSL VPN connection at a time in the SSL VPN portal settings in FortiGate.

According to the FortiGate documentation, you can set up 3 primary VPN tunnels and 3 backup tunnels in FortiGate. In short, you have the ability to keep your network constantly protected. The monitor command allows you to automatically set up a VPN tunnel, and you can monitor IPsec by going to IPsec Monitor and selecting Status. However, users reported that they faced SSL VPN multiple active connections in FortiGate. One possible way to fix the issue is to limit each user to one active SSL VPN connection at a time. Let's go for the solution.

How to fix FortiGate SSL VPN multiple active connections?

Method 1: How to create multiple SSL VPN in FortiGate?

Before doing this, you should check the number of users that your FortiGate can support for SSL VPN by checking the data sheet of that particular unit. For example, for the FortiGate-500E: Concurrent SSL-VPN Users (Recommended Maximum, Tunnel Mode) – 10,000. You can create multiple SSL VPN in FortiGate by applying the steps below.

Step 1: From the FortiGate GUI, go to 'VPN > SSL VPN Portals' and edit the 'SSL – VPN Portal'.

Step 2: Enable ‘Limit users to one SSL-VPN Connection at a time’ option, and then check if it works for you.

Method 2: Limit users to one active SSL VPN connection using commands in CLI

You can also try to limit users to one active SSL VPN connection using commands in the CLI.

Step 1: Execute the following commands in the CLI:

# config vpn ssl web portal
    edit <portal name>
        set limit-user-logins enable
end

Step 2: If a user tries to establish another connection on top of an existing SSL VPN session, either from the SSL VPN web portal or with FortiClient, they will see ‘You already have an open SSL VPN connection. Opening multiple connections are not permitted. Do you want to proceed and disconnect your other connection?’

Step 3: Select ‘Yes’ and the existing session will be terminated.

Conclusion

I am sure this post helped you fix FortiGate SSL VPN multiple active connections in easy ways. You can read and follow our instructions to do so. That's all. For any suggestions or queries, please write in the comment box below.

Q/A:

1: How many users can connect to FortiGate VPN?

A: The number of users that can be supported is affected by the performance of the FortiGate device itself, the number of users that will be using the VPN simultaneously, and the amount of bandwidth that each user requires. Usually, a FortiGate device should be able to support a large number of VPN users without any problems. For the FortiGate-500E in SSL VPN tunnel mode, SSL VPN support is guaranteed for a maximum of 10000 concurrent users. The FortiGate IPsec VPN user limit is the maximum number of concurrent users that are allowed to use an IPsec VPN connection.

2: Does FortiGate need a license?

A: FortiGate can be run without a license in standalone mode. Fortinet support is not available if the FortiGate FortiClient Telemetry license is not in place or if there is no EMS license. To gain access to the service, you must first obtain a license. FortiClient in standalone mode is supported through the Fortinet Forums.

3: How to create Multi Domain SSL Certificate?

Step 1: Create a copy of the OpenSSL config file

Step 2: Edit the config file and enable [v3_req]

Step 3: Enable SubjectAltName under [v3_req] section

Step 4: Add Alt name or SAN names in config file

Step 5: Generate private key

Step 6: Generate CSR for multi-domain or SAN certificate

Step 7: Test CSR and it is done.
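The seven steps above, carried out end to end with the openssl command line. This is an added example, not part of the original article; the host names, file names and the 2048-bit RSA key size are constructed assumptions, and it writes a minimal private config file rather than editing a copy of the system openssl.cnf.

```shell
#!/bin/sh
# Added example: build and check a SAN (multi-domain) CSR, Steps 1-7.
# Host names, file names and key size are constructed assumptions.

make_san_csr() {
    workdir=$1
    mkdir -p "$workdir" || return 1

    # Steps 1-4: a minimal private config instead of an edited copy of
    # openssl.cnf. It enables [v3_req] and lists the SAN names there.
    cat > "$workdir/san.cnf" <<'EOF' || return 1
[req]
prompt = no
distinguished_name = dn
req_extensions = v3_req

[dn]
CN = vpn.example.com

[v3_req]
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = vpn.example.com
DNS.2 = portal.example.com
DNS.3 = remote.example.net
EOF

    # Step 5: private key, created readable by the owner only.
    ( umask 077 && openssl genrsa -out "$workdir/san.key" 2048 ) \
        >/dev/null 2>&1 || return 1

    # Step 6: CSR that carries the [v3_req] extensions.
    openssl req -new -key "$workdir/san.key" -config "$workdir/san.cnf" \
        -out "$workdir/san.csr" || return 1

    # Step 7: test the CSR. Check its self-signature, then print the SAN
    # entries one per line so a missing name is caught before submission.
    openssl req -in "$workdir/san.csr" -noout -verify 2>&1 \
        | grep -q 'verify OK' || return 1
    openssl req -in "$workdir/san.csr" -noout -text \
        | grep -o 'DNS:[^,]*' | tr -d ' '
}

# Run only when an output directory is given: sh san_csr.sh ./csr-out
if [ -n "${1:-}" ]; then make_san_csr "$1"; fi
```

The common name is repeated as the first SAN entry because clients that validate against subjectAltName ignore the CN.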

Samir Prakash Author