- On the FortiGate, go to VPN > SSL-VPN Portals, and edit the full-access portal.
- Go to VPN > SSL-VPN Settings.
- Assign the LDAPgroup user group to the full-access portal, and assign All Other Users/Groups to the desired portal. Select Apply.
- Select the prompt at the top of the screen to create a new SSL-VPN policy, including the LDAPgroup, as shown.
Disable Split Tunneling.
Under Connection Settings set Listen on Port to 10443.
Under Tunnel Mode Client Settings, select Specify custom IP ranges and set it to SSLVPN_TUNNEL_ADDR1.
Under Authentication/Portal Mapping, select Create New.