SNAT - Per user session count limit
I'm trying to impose some NAT table safeguards to prevent abuse from malicious or infected clients on a large public facing WiFi network (INSIDE, private address space). This includes udp and tcp timeouts which ensure sessions are closed in a timely manner if a client drops off the network non-gracefully(no fin or reset packets sent to close connections).
Something we do on our older Cisco based platform is set a per user (per inside IP) limit on the maximum number of sessions any single inside IP can establish through the NAT. This prevents scanning behaviour and other malicious activities from exhausting the NAT table for the firewall/public IP pool, which we've experienced before. Is it possible to impose this kind of safeguard in FortiOS?