FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 198208
This article describes how to configure Dial-UP VPN with group based firewall policies to restrict network access to the user group defined in firewall policies.

From GUI:

1) Once the VPN Dial up tunnel is created, please change the User Group to “Inherit from Policy”

- Go to VPN -> IPsec -> Tunnels and edit the tunnel.
- Configure User group as 'Inherit from Policy'.

2) Make sure that the user group is added to the firewall policy configured for the VPN.

From CLI:

1.    Configure the VPN tunnel and make sure that ‘set xauthtype auto’ is configured and there is no user group configured.
# config vpn ipsec phase1-interface
    edit "Test_vpn"
        set type dynamic
        set interface "port2"
        set xauthtype auto
2) Under the policies configure the user group:
# config firewall policy
    edit 1
        set name "vpn_policy"
        set srcintf "Test_vpn"
        set dstintf "port1"
        set srcaddr "vpn_range"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set groups "vpn-group"  
In this example the user get recognized as a member of the group 'vpn-group'; the group can be used then in the firewall policies.