Hot!FortiClient Licensing / Concurrent sessions

Author
Jan_1966
New Member
  • Total Posts : 12
  • Scores: 2
  • Reward points: 0
  • Joined: 2020/02/11 19:16:30
  • Status: offline
2020/03/19 22:58:11 (permalink)
5 (1)

FortiClient Licensing / Concurrent sessions

Hi,
 
I hope someone can help me as I am still struggling with Fortinet Licensing structure.
We have a fortigate 301e running 6.0.4.We tested with the free 10 FortiClient that the Firewall comes with and all seemed fine.
 
Now we purchased a 50 License pack FortiClient EMS and installed an EMS server where the clients register to.
We have currently 37 of our 50 FortiClients deployed most on version 6.2.6 and some still on 6.0.9. They are all registerd to the EMS server.
 
However when it comes to Remote Access we still seem to have the limit of 10 concurrent IPsec dial up tunnels. What do I need to do to be able to allow more than 10 concurrent IPsec Dial up tunnels?
After the 10 sessions any new session doesn't seem to connect or even sometimes kicks out another session.
 
With the current COVID 19 issues we really need to increase our number of concurrent Remote Access VPN sessions.
 
Many thanks.  
#1

5 Replies Related Threads

    Markus
    Gold Member
    • Total Posts : 217
    • Scores: 28
    • Reward points: 0
    • Joined: 2015/03/19 07:30:23
    • Location: Switzerland
    • Status: offline
    Re: FortiClient Licensing / Concurrent sessions 2020/03/19 23:50:13 (permalink)
    0
    Hi Jan

    For the VPN Part, you don't need FC Licenses on the FG. As far as I know, the License is only necessary if you like to do Telemetry.

    https://forum.fortinet.com/tm.aspx?m=110974
     
    https://www.forticlient.com/
     
    Good luck
    Best
     
    #2
    ShawnZA
    Silver Member
    • Total Posts : 90
    • Scores: 11
    • Reward points: 0
    • Joined: 2018/04/02 23:31:22
    • Location: Cape Town
    • Status: offline
    Re: FortiClient Licensing / Concurrent sessions 2020/03/20 01:11:30 (permalink)
    0
    Did someone not set a limit perhaps? If you go to Global Resources, then look under VPN, perhaps a limit set on the last one "Dial-up Tunnels"?
     

     
     

    Attached Image(s)

    #3
    TecnetRuss
    Bronze Member
    • Total Posts : 22
    • Scores: 8
    • Reward points: 0
    • Joined: 2017/02/27 13:14:44
    • Status: offline
    Re: FortiClient Licensing / Concurrent sessions 2020/03/21 19:32:26 (permalink)
    0
    When you created your IPSec Remote Access VPN did you give it a name that was 13 characters long?
     
    In the VPN Creation Wizard (Remote Access), as you type in the name you'll see the following warnings based on the length of the name you give it:
    • 9 characters or less = no warning
    • 10 characters = "10000 concurrent user(s) will be supported"
    • 11 characters = "1000 concurrent user(s) will be supported"
    • 12 characters = "100 concurrent user(s) will be supported"
    • 13 characters = "10 concurrent user(s) will be supported"
    • 14+ characters = "Please enter at most 13 characters"
    This has to do with the way each IPSec VPN session is named (see Markus's link).
     
    Russ
    NSE7
    #4
    Markus
    Gold Member
    • Total Posts : 217
    • Scores: 28
    • Reward points: 0
    • Joined: 2015/03/19 07:30:23
    • Location: Switzerland
    • Status: offline
    Re: FortiClient Licensing / Concurrent sessions 2020/03/22 07:37:03 (permalink)
    0
    Thanks Russ, for the clarification
    #5
    sonarden
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/03/22 11:33:10
    • Status: offline
    Re: FortiClient Licensing / Concurrent sessions 2020/03/22 11:50:44 (permalink)
    0
    I have a similar issue.  FG 300D with 5.6.12 and I cannot connect more than 10 IPSEC VPN users concurrently.  I have 25 licensed machines in Forticlient EMS 6.2
     
    Theoretically there should be 10,000 allowed tunnels for the VPN with a ten-char name from a device limitation standpoint.
     
    When 10 users are connected, no more can connect.
     
    The FG is not seeing the licenses in FortiClient EMS.
     
    My assumption is I have to upgrade the FG to 6.0.9 in order for the FortiClient EMS to be recognized in the security fabric.
     
    I have a support case in right now, but I think they are overwhelmed at the moment.  I am looking for a diag command to confirm the VPN user concurrency issue, and will update this if I find one.
    #6
    Jump to:
    © 2020 APG vNext Commercial Version 5.5