FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 196413

This article describes how to configure secondary ip address for SSL-VPN on a FortiGate.

A FortiGate will display only primary IP address of the specified interface as a 'Web mode access will be listening at' in SSL-VPN Settings:

However, if secondary IP addresses are configures under that specified interface, it will be possibleto connect to the SSL-VPN server (FortiGate) by using those secondary IP addresses:

1) Configure secondary IP address/es and verify it in SSL-VPN Settings:
2) Connect to the SSL-VPN server by using secondary IP address via web and tunnel mode:


# get  vpn  ssl monitor  
SSL VPN Login Users:
 Index   User    Auth Type      Timeout         From     HTTP in/out    HTTPS in/out
 1       ssluser    2(1)         290  0/0             0/0

SSL VPN sessions:
 Index   User    Source IP         Duration        I/O Bytes       Tunnel/Dest IP
 0       ssluser   285        155966/37084

# diagnose  sys  session list | grep -f 10443 -A 7 -B 10

session info: proto=6 proto_state=01 duration=202 expire=3599 timeout=3600 flags=00000000 sockflag=00000004 sockport=0 av_idx=0 use=4
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/0
state=local may_dirty
statistic(bytes/packets/allow_err): org=208009/1083/1 reply=74149/1037/1 tuples=2
tx speed(Bps/kbps): 500/4 rx speed(Bps/kbps): 119/0
orgin->sink: org pre->in, reply out->post dev=7->13/13->7 gwy=
hook=pre dir=org act=noop>
hook=post dir=reply act=noop>
pos/(before,after) 0/(0,0), 0/(0,0)
misc=0 policy_id=4294967295 auth_info=0 chk_client_info=0 vd=0
serial=00c6ece5 tos=ff/ff app_list=0 app=0 url_cat=0
rpdb_link_id = 00000000 ngfwid=n/a
dd_type=0 dd_mode=0
As an alternative solution, a loopback interface can be used:
1) Configure a loopback interface and specify IP address wanted to be used for SSL-VPN connection.
2) Specify this loopback interface in SSL-VPN Settings.

The IP address on the loopback interface has to be accessible to the SSL-VPN clients.

Related document.