Allow only one login for same username on SSL VPN

Plima
2018/07/23 07:42:30 (permalink) 5.6

Hi Everyone,
 
I have a user group where I only want to allow one session per user. In other words, if the user ABC is logged on the VPN Client and another user logs in with the same user (ABC), the result will be denied. I want this for all users in the firewall group.
 
Is that possible?
 
thanks
#1

    Toshi Esumi
    Re: Allow only one loggin for same username on SSL VPN 2018/07/23 09:25:46 (permalink)
    This seems to be the same conversation.
    https://forum.fortinet.com/tm.aspx?m=159319&tree=true
     
    #2
    emnoc
    Re: Allow only one loggin for same username on SSL VPN 2018/07/23 10:41:45 (permalink)
    You can set that in the SSL setting to the number of concurrent VPN users. IIRC it works like this:
     
    1: User TEST logs in
     
    2: Now user TEST attempts to log in; the firewall warns this new request, with the action to disconnect the 1st user TEST session
     
    https://forum.fortinet.com/tm.aspx?m=159319
     
    Ken
    post edited by emnoc - 2018/07/23 10:43:11

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    #3
    Plima
    Re: Allow only one loggin for same username on SSL VPN 2018/07/24 02:04:18 (permalink)
    toshiesumi
    This seems to be the same conversation.
    https://forum.fortinet.com/tm.aspx?m=159319&tree=true
     


    emnoc
    You can set that in the SSL setting to the number of concurrent VPN users. IIRC it works like this:
     
    1: User TEST logs in
     
    2: Now user TEST attempts to log in; the firewall warns this new request, with the action to disconnect the 1st user TEST session
     
    https://forum.fortinet.com/tm.aspx?m=159319
     
    Ken



    Hi both,
     
    I've tried that, but not successful
     
    thanks
    #4
    emnoc
    Re: Allow only one loggin for same username on SSL VPN 2018/07/24 06:08:32 (permalink)
    Is it the same FortiGate for the two logins? Did you run any diag debug app sslvpn -1 and monitor what the firewall thinks?
     
    Ken

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    #5
    Plima
    Re: Allow only one loggin for same username on SSL VPN 2018/07/24 07:42:59 (permalink)
    emnoc
    Is it the same FortiGate for the two logins? Did you run any diag debug app sslvpn -1 and monitor what the firewall thinks?
     
    Ken




    Hi Ken,
     
    It is the same FGT. Yes, I ran the debug and didn't spot anything unusual.
     
    The user came from LDAP, is that relevant?
     
    Thanks
    #6
    Ashu
    Re: Allow only one loggin for same username on SSL VPN 2018/09/12 10:13:57 (permalink)
    Hi,
     
    Any solutions to this problem? I am facing a similar issue.
     
    The below command, configured for the LDAP group as well as the local group, doesn't work. I would appreciate expert advice.
     
    # config user group
    # edit "fortilab_exchange"
    # set auth-concurrent-override enable
    # set auth-concurrent-value (1-100)
    # end



     
    Regds,
     
    Ashik
    #7
    Prab
    Re: Allow only one loggin for same username on SSL VPN 2018/09/12 13:43:34 (permalink)
    Plima
    Hi Everyone,
     
    I have a user group where I only want to allow one session per user. In other words, if the user ABC is logged on the VPN Client and another user logs in with the same user (ABC), the result will be denied. I want this for all users in the firewall group.
     
    Is that possible?
     
    thanks




    Yes, under the SSL-VPN Portal, select your portal and enable the "Limit Users to One SSL-VPN Connection at a Time" option. You could use the CLI command too:
    FGT# config vpn ssl web portal
    FGT (portal) # edit web-access  <-- Portal name
    FGT (web-access) # set limit-user-logins enable
    FGT (web-access) # end  <-- Save the change and leave the portal table
     
    Hope it helps!
    Prab
     
    #8
    Ashu
    Re: Allow only one loggin for same username on SSL VPN 2018/09/13 02:18:18 (permalink)
    Hi,
     
    I need this configuration for tunnel access, not web.
     
    Any idea?
     
    Regds,
     
    Ashik
    #9
    Eder_Lima
    Re: Allow only one loggin for same username on SSL VPN 2018/09/13 05:33:24 (permalink)
    This configuration can also be used for tunnel mode.
     
    FGT01 (full-access) # show
    config vpn ssl web portal
        edit "full-access"
            set tunnel-mode enable
            set web-mode enable
            set limit-user-logins enable
            set ip-pools "SSLVPN_TUNNEL_ADDR1"
            set split-tunneling-routing-address "DMZ" "LAN"
            config bookmark-group
                edit "gui-bookmarks"
                next
            end
            set theme green
        next
    end

    FGT01 (full-access) # set limit-user-logins
    enable     Enable setting.
    disable    Disable setting.
     
    limit-user-logins                     Enable to limit each user to one SSL-VPN session at a time.



    NSE4, NSE5, NSE6, NSE7
    CCNA R&S, CCNA Wireless, HCNA
    #10
    Prab
    Re: Allow only one loggin for same username on SSL VPN 2018/09/13 23:49:53 (permalink)
    ashik
    Hi,
     
    I need this configuration for tunnel access, not web.
     
    Any idea?
     
    Regds,
     
    Ashik


    The configuration mentioned applies to both Tunnel and Web access. You just need to activate the mode (Web/Tunnel) in the VPN portal itself. ;)

     
    Thanks,
    Prab
     
    post edited by Prab - 2018/09/13 23:51:56

    #11
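
Added example, not part of any post in this thread and not Fortinet code: a small audit that reads a saved configuration in the `show` layout quoted above and lists the SSL-VPN portals that have tunnel or web mode enabled but no `set limit-user-logins enable`. The sample text and the "web-only" portal are constructed, and a missing `limit-user-logins` line is assumed to mean the setting is off.

```python
# Constructed sample in the layout of the `show` output quoted in this thread;
# the "web-only" portal is hypothetical and added for contrast.
SAMPLE_CONFIG = '''\
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set web-mode enable
        set limit-user-logins enable
        config bookmark-group
            edit "gui-bookmarks"
            next
        end
    next
    edit "web-only"
        set web-mode enable
    next
end
'''

def parse_portals(text):
    """Return {portal: {setting: value}} from 'config vpn ssl web portal'."""
    portals, name, depth, in_section = {}, None, 0, False
    for raw in text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line == "config vpn ssl web portal"
            continue
        if line.startswith("config "):
            depth += 1                  # nested table, e.g. bookmark-group
        elif line == "end":
            if depth == 0:
                break                   # end of the portal section
            depth -= 1
        elif depth == 0 and line.startswith("edit "):
            name = line[5:].strip().strip('"')
            portals[name] = {}
        elif depth == 0 and name and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            portals[name][key] = value.strip()
    return portals

def portals_without_login_limit(text):
    """Portals with a mode enabled whose limit-user-logins is not 'enable'.
    Assumption: a missing line means the setting is at its default (off)."""
    return sorted(
        name for name, s in parse_portals(text).items()
        if "enable" in (s.get("tunnel-mode"), s.get("web-mode"))
        and s.get("limit-user-logins") != "enable"
    )
```

Because the option is set per portal, every portal that a user group can be mapped to needs the check, not only the one used for testing.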