hbac (Staff)
Article Id 367799
Description: This article describes how to reserve SSL VPN client IP addresses without an external DHCP server.
Scope: FortiGate.
Solution:

To reserve an IP address for a specific user, assign that user a dedicated SSL VPN portal whose Source IP Pool contains only the reserved address. The example below shows how to reserve IP addresses for User1 and User2.

 

  • User1 -> 192.168.100.1.
  • User2 -> 192.168.100.2.

 

Assuming User1 and User2 are already created:

[Screenshot: Users.PNG]

  1. Go to Policy & Objects -> Addresses, and create two address objects for '192.168.100.1/32' and '192.168.100.2/32'.

[Screenshot: addresses.PNG]

  2. Go to VPN -> SSL VPN Portals, and create an SSL VPN Portal for User1 with Source IP Pools = 192.168.100.1/32.

[Screenshot: User1.PNG]

Repeat the same steps for User2, but with Source IP Pools = 192.168.100.2/32.

 

  3. Go to VPN -> SSL-VPN Settings -> Address Range, select 'Specify custom IP ranges', and add '192.168.100.1/32' and '192.168.100.2/32' under IP Ranges. Under Authentication/Portal Mapping, map each user to the corresponding portal.

[Screenshot: vpn setting.PNG]

  4. Go to Policy & Objects -> Firewall Policy, and create a policy with the correct source addresses and users as shown below:


[Screenshot: policy ssl.PNG]

 
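The same four steps expressed in the FortiOS CLI, added here as an example rather than taken from the original article. The address object and portal names, the 'port2' LAN interface, the policy name and the use of tunnel mode are assumptions; adjust them to the actual environment.

```text
# Step 1: one /32 address object per reserved client IP (names are assumed)
config firewall address
    edit "User1_IP"
        set subnet 192.168.100.1 255.255.255.255
    next
    edit "User2_IP"
        set subnet 192.168.100.2 255.255.255.255
    next
end
# Step 2: one portal per user, each with a single-address IP pool
config vpn ssl web portal
    edit "User1-portal"
        set tunnel-mode enable
        set ip-pools "User1_IP"
    next
    edit "User2-portal"
        set tunnel-mode enable
        set ip-pools "User2_IP"
    next
end
# Step 3: custom IP range plus per-user authentication/portal mapping
config vpn ssl settings
    set tunnel-ip-pools "User1_IP" "User2_IP"
    config authentication-rule
        edit 1
            set users "User1"
            set portal "User1-portal"
        next
        edit 2
            set users "User2"
            set portal "User2-portal"
        next
    end
end
# Step 4: firewall policy matching both the reserved source addresses and the users
config firewall policy
    edit 0
        set name "SSLVPN_reserved_users"
        set srcintf "ssl.root"
        set dstintf "port2"
        set srcaddr "User1_IP" "User2_IP"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set users "User1" "User2"
    next
end
```

Because the policy matches on the source address and the authenticated user together, each user's traffic is only accepted from the address reserved for that user.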

The result when User1 and User2 are connected:

[Screenshot: User connected.PNG]

It is important to note that the number of SSL-VPN Portals that can be created is limited, and the limit depends on the hardware model and firmware version. Refer to the Maximum Value Table for 'vpn.ssl.web.portal'.

 

Related article:

Technical Tip: SSL VPN with external DHCP Server - Fortinet Community