Concurrent Global Protect user

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Concurrent Global Protect user

L0 Member

Need to know how many concurrent connections can have a single user

5 REPLIES 5

Cyber Elite
Cyber Elite

Look within your session browser (Under the Monitor Tab) and filter on a single IP in question.  There is no exact/consistent number or report.  It varies by the person.

Help the community: Like helpful comments and mark solutions

L4 Transporter

Hi @SamirK ,

 

Currently, no feature to restrict number of connections from a single user. You can follow the document https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClorCAC and filter with username to see the concurrent connections by a single user.

L7 Applicator

Hi @SamirK 

As already written by @Abdul_Razaq , there is no limit of the concurrent connections of a single user. The theoretical max is the max supported vpn connection count of the hardware/vm you are using.

 

(Quite a while ago I wrote a little script to terminate connections if a user is logged in more than once. So far this is still the only possibility to somehow restrict concurrent connections: https://live.paloaltonetworks.com/t5/general-topics/how-to-limit-concurrent-globalprotect-connection... )

L6 Presenter

Because I have seen similar issues like SamirK,  so for Globalprotect it is not like the issue with an RDP connection where there is only one session and if a script uses another username to connect the firewall  will overwrite the connection ip to user mapping (basically having a limit to just one connection per client source ip) ?

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CleBCAS

Hi @nikoolayy1 ,

 

No, it is not the same. With the RDP scenario you will have multiple users related to same IP address and instead of keeping both it will override username with the last received.

 

Having multiple concurrent connections to GlobalProtect for the same user it will create multiple IP addresses related to same username, which is totally fine and all entries will kept. Because each successful login will assing you new IP from the pool.

 

  • 6269 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!