Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
suthomas1
New Contributor

ip pool for vpn

Hello everyone,

 

how does the fortigate ip pool work for users.

We have a object (vpn-pool) defined as 192.168.100.0/24. This is then applied to the Ip policy along with groups.

users get IP from 192.68.100.x once connected.

 

Query on this - 

1) how does it keep track of what ip's are in use, is there any command to check this?

2) why do users get subsequent ip's as ip and gateway (example, 192.168.100.1 as IP & gateway as 100.2 on ipconfig)

3) Is it possible to do a static IP reservation on this?

4) what is different between this pool and the actual dhcp function within fortigate?

 

Appreciate all inputs.

 

Suthomas
Suthomas
1 Solution
ede_pfau
Esteemed Contributor III

I get it that you are talking about SSL VPN.

Up until FOS v6.4 SSLVPN does not support DHCP assignment, in contrast to IPsec VPN where it has been working perfectly for years. So, no reserved allocation at all.

 

The 'next' address is IMHO a designation for a proxy. I really don't know if that means that you can only support 128 users on a /24 subnet.

 


Ede

"Kernel panic: Aiee, killing interrupt handler!"

View solution in original post

Ede"Kernel panic: Aiee, killing interrupt handler!"
2 REPLIES 2
ede_pfau
Esteemed Contributor III

I get it that you are talking about SSL VPN.

Up until FOS v6.4 SSLVPN does not support DHCP assignment, in contrast to IPsec VPN where it has been working perfectly for years. So, no reserved allocation at all.

 

The 'next' address is IMHO a designation for a proxy. I really don't know if that means that you can only support 128 users on a /24 subnet.

 


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Darkstar

1) Monitor - ssl-vpn monitor or firewall user monitor 2) Technical question probably with no impact, but id like to know too. :) 3) In ssl-vpn - no. 4) You can do DHCP onnly in custom ipsec tunnel, i made a topic on this, waiting for approval. Cant get it to work fully.

Labels
Top Kudoed Authors