we have a client who uses mainly IPSec mode with FortiClient. Chaning all users to SSL would be really difficult. The actual SSL VPN configuration is just backup with another WAN interface.
So he wants to restrict access to different users, for example so that one user group only has access to one host in the DMZ. Other users should have access to their PCs in a certain network range.
I thought we could create another IPSec with another group on the same WAN interface but it wouldnt work.