In any case this is not relevant to web filtering.
In case you want to allow a user from internal network to access a vpn gateway:
Define a static ip for the specific user's pc.
Create a rule from your internal network to internet with source the user's ip and destination the vpn gateway ip, use vpn port at the service tab and allow this traffic with NAT.
Place this rule above your global rule for accessing the internet
In case you want a remote user to access your infrastructure:
Create a local firewall user which will be used at your VPN settings.
Create a rule with:
From: sslvpn virtual interface
To: any internal or external interface
Source: your ip range from vpn settings AND your localy created user
Destination: all or any specific ip you want the user to have access to
Network Engineer/IT Administrator