Login limits not being applied to Mobile VPN users backed by RADIUS server

We have IKEv2 Mobile VPN set up on our M370s and have configured the user group for these users to limit concurrent sessions to 1.

However, this is not working, with users listed in the "System Status -> Authentication List" (of the Fireware Web UI) as having an "Unlimited" login limit.

Not sure if relevant but the user group is backed by RADIUS Authentication (because we cannot use AD Authentication server for IKEv2 Mobile VPN - but that's another issue).

How do we get the concurrent login limit to apply?

Comments

  • "To limit concurrent user sessions for mobile VPN users, you must use Mobile VPN with IKEv2 and Firebox-DB user accounts. You cannot limit concurrent user sessions for Mobile VPN with IKEv2 users with accounts on third-party authentication servers. You cannot limit concurrent user sessions for Mobile VPN with L2TP, Mobile VPN with SSL, or Mobile VPN with IPSec users with Firebox-DB accounts or accounts on third-party authentication servers."

    Use Users and Groups in Policies
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/authentication/define_users_groups_about_c.html

  • edited April 2021

    Whoa! Wait, what... that sentence confuses me. What can you limit them with then? The second half seems to contradict the first in that the first says you must use Firebox-DB user accounts, but the latter half says you cannot limit them with Firebox-DB user accounts?

    Either way, that's a pretty useless feature then and not very "enterprisey".
    :disappointed:

  • You can only limit IKEv2 when using Firebox-DB, no others.
    You can't limit any mobile user VPN using any other auth server type.

    Agreed.
