If it' s still needed... here' s what I did to get the SSL VPN working with MR6 Build 668 (p2). My VPN' s were working fine with MR5 Patch 5, but memory management was awful... that' s why I upgraded. I didn' t have to change the SSL VPN config or the User Group config, AND, I left the orignal policy for SSL VPN access: SRC: WAN1 - Addr: all --> DST: Internal - Addr: Internal_Network - Action SSL VPN - Added my user group to the Allowed: groups * note... the source address should be set to " all" not your SSL-VPN address range BUT... you need to add two more policies and a static route: New Policy 1... SRC: internal - addr: Internal_Network --> DST: ssl.root - addr: all - Action: Any New Policy 2... SRC: ssl.root - addr: all --> DST: internal - addr: Internal_Network - Action: ANY Static Route... Destination IP/Mask: <SSL-VPN IP addy range>/24 (your range and subnet) Device: ssl.root I have tested this on 3 of the 250+ firewalls I support (they are a mix FGT-50A, FGT-60, FGT-50B and FGT-60B) and it works great. MR6 Patch 2 works well too. The ssl.root port gives you the ability to route SSL-VPN traffic through IPSec VPN' s and vice versa... but I haven' t tested that yet. Hope that helps... Bradley PS... there is an SSL-VPN client in the MR7 download folder on the FTP site. It works with Windows, Linux and Mac. But only the Windows client will work with MR5, MR6 & Mr7. The Linux and Mac client only works with MR7.