This article describes how to block SSL VPN listening on secondary IP configured on WAN interfaces but it still works on Primary IP WAN address. It is even possible to select if it is desired to block SSL VPN for a particular secondary IP address only.
Scope
FortiGate.
Solution
As shown below, FortiGate has 2 WAN interfaces in the SSL VPN config with multiple IP addresses configured on each interface.
To block listening for the SSL VPN interface, it is possible to make a local in policy and use secondary IPs as destination addresses to block SSL VPN traffic.
Step 1: it is necessary to make a new service that should have an SSL VPN Port.
Step 2: Now make sure to have the address object or address group of secondary IP addresses.
Step 3: Make a local in policy as shown below:
Now the SSL VPN traffic will be dropped by the local in policy for the secondary WAN IP addresses.