Monitoring SSL VPN users
You can monitor web-mode and tunnel-mode SSL VPN users by username and IP address.
To monitor SSL VPN users, go to Monitor > SSL-VPN Monitor. To disconnect a user, select the user and then select the Delete icon.
The first line, listing the username and IP address, is present for a user with either a web-mode or tunnel-mode connection. The Subsession line is present only if the user has a tunnel mode connection. The Description column displays the virtual IP address assigned to the user’s tunnel-mode connection.
For more information about SSL VPN, see the FortiOS Handbook SSL VPN guide.
To monitor SSL VPN users – CLI:
To list all of the SSL VPN sessions and their index numbers:
execute vpn sslvpn list
The output looks like this:
SSL-VPN Login Users:
Index User Auth Type Timeout From HTTPS in/out 0 user1 1 256 172.20.120.51 0/0
SSL-VPN sessions:
Index User Source IP Tunnel/Dest IP
0 user2 172.20.120.51 10.0.0.1
You can use the Index value in the following commands to disconnect user sessions:
To disconnect a tunnel-mode user execute vpn sslvpn del-tunnel <index>
To disconnect a web-mode user
execute vpn sslvpn del-web <index> You can also disconnect multiple users:
To disconnect all tunnel-mode SSL VPN users in this VDOM execute vpn ssl del-all tunnel
To disconnect all SSL VPN users in this VDOM execute vpn ssl del-all