Technical Tip: Not possible to create firewall policy for SSL VPN interface getting 'error -651: Input value is invalid'

There would be scenarios before the deployment of the firewall onsite where it is necessary to create all required policies and configure interfaces as needed. 

The below example is a scenario creating an SSL VPN before deployment.

After configuring the required SSL VPN either a split-enabled portal or a split-disabled portal:

SSL VPN full tunnel for remote user

Below is the SSL VPN settings example for the current error scenario:

• When creating a firewall policy, an error as below is received:

• Even though it is possible to create a firewall policy in the disabled state, it is not possible to enable the firewall policy and a similar error as above will be received.
• If trying to enable the firewall policy from CLI, the error can appear:

• This error appears if the certificate under SSL VPN settings is missed as shown in the above picture. To avoid the error, choose at least the factory default certificate on FortiGate until getting CA signed SSL certificate. Once corrected, that will be possible to create a firewall policy.

• When comparing the current image with the initial SSL VPN configuration there is a server certificate missing from image1.

In the below screenshot, it is possible to enable the firewall policy without any error.