100 logged in admin sessions

Author
Jimmy
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/02/24 05:19:29
  • Status: offline
2018/05/11 14:32:06 (permalink)
0

We run a Fortigate cluster of 2x 100E with version 5.6.2, but the last few days when I try to log in I need to disconnect a few users first, as apparently there are already 100 sessions.
 
According to the session logs the user admin would have been logged in 100 times already from 127.0.0.1 on HTTP, which is rather strange as we don't even have HTTP enabled, let alone that it says logged in from 127.0.0.1.
 
Anyone seen this before? I could reboot them during a maintenance window but would rather find the cause as to why first so it does not happen again.
#1


    emnoc
    Expert Member
    • Total Posts : 5108
    • Scores: 318
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: 100 logged in admin sessions 2018/05/11 15:28:36 (permalink)
    0
    Yes, this is probably normal, but I would guess your jsconsole connections are left open. Next time execute a cli-cmd diag sys admin list or get system admin and look for any jsconsole.
     

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    #2
    cjw
    New Member
    • Total Posts : 6
    • Scores: 3
    • Reward points: 0
    • Joined: 2018/05/06 18:13:38
    • Status: offline
    Re: 100 logged in admin sessions 2018/05/11 18:46:37 (permalink)
    5 (2)
    I've seen the same thing too. I can assume you are running the FortiAnalyzer (FAZ)?
     
    In my case, I only saw this happen during the following conditions:
    1. Using multiple VDOMs
    2. The admin profile for the FAZ user (I keep them separate) has read-only permissions
    3. The FAZ is running v6.0
     
    My resolution was to grant the faz user the super_admin profile.  Apparently if your FGT is running 6.0 as well, there is a single permission that it needs read/write but that doesn't exist in <=5.6. 
     
    I hope this helps... 
    #3
    Jimmy
    New Member
    • Total Posts : 4
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/02/24 05:19:29
    • Status: offline
    Re: 100 logged in admin sessions 2018/05/12 06:28:55 (permalink)
    0
    We're still running 5.6 on both FAZ and FGT, but it seems this was a one-time thing for now, as we rebooted the master FGT and the issue went away.
    #4
    menayoub
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/05/02 07:34:54
    • Status: offline
    Re: 100 logged in admin sessions 2019/02/06 00:02:02 (permalink)
    0
    Hello;
     
    I had the same issue once.
    The solution was to remove the admin user and password used for the first connection between the FAZ and the FGT.
     
     
     
    #5