L2TP/IPSEC trouble with concurrent sessions
Hello! I have two Fortigate-100D units running OS 5.6, working in a cluster and configured with VDOMs enabled.
Users are created in Radius and the Fortigate successfully authenticates them; L2TP/IPSEC is working fine.
I need to limit each user to one session. For example, a user can connect to the VPN from an account on a smartphone and on a PC, but our purpose is to allow only 1 active connection per user that belongs to the Radius usergroup. Is there an option on the Fortigate to do this?
I am also trying to use the options that allow users to connect to the VPN from the same external IP. Users from a remote office behind NAT (with the same external IP) need to connect to our VPN. For my Radius-vpn group I set auth-concurrent-override enable and limited it to 50 sessions (set auth-concurrent-value 50), but it does not work. When the first user is connected to the VPN, a second user, after a successful connection, knocks out the established first user. Why?
config user group
    set auth-concurrent-override enable
    set auth-concurrent-value 50
    set member "Radius_server"
I am also showing my global config, where I also added the rule set policy-auth-concurrent 50, but it also has no effect:
config system global
    set admintimeout 20
    set disk-usage log
    set hostname "fortigatecluster1"
    set policy-auth-concurrent 50
    set switch-controller enable
    set timezone 83
    set vdom-admin enable
Thank you for your help.
post edited by antooo - 2017/10/17 00:24:38