SSLVPN 5.2 web portal - restrict access to one of few portals only for one public IP
Hi!
Since the 5.2 firmware there are a lot of changes in sslvpn (i.e. lack of WAN --> ssl.root policies for web-portal).
I use sslvpn very seldom - but now one of my customers upgraded from 5.0 to 5.2.
There are 2 tunnel (sslvpn) configurations and 5 web-portal configurations (for some partners).
In one particular web-portal we want to restrict access to a few (or even one) public IPs but it doesn't work.
I've built a policy:
Incoming interface - ssl.root
src addr - only_public_IP
src users - partnerX_group_users
Outgoing interface - lan
dst addr - Internal_Server_X
schedule - always
service - any
action - accept
Everything works OK but I can log in as partnerX and access Internal_Server_X from any public IP!!!!
Since there is no wan-to-ssl.root policy I understand that I can log in to the portal - but IMHO I shouldn't access Internal_Server_X. This is some kind of security issue.
Is it possible to restrict it?
Dominik Weglarz, IT System Engineer
