This article describes that when an entry is tried to be added under ‘Authentication/Portal Mapping’ for SSL VPN clients, it throws the following error:
FortiGate 7.0, 7.2.
FortiGate will throw this error if there was a policy configured with the destination address as ‘ALL’ and the source address as any ‘user/user group’ that uses a portal that has split tunneling enabled.
In this scenario, policy 6 and ‘full-access’ portal is in the question.
It is possible to get this information from the error in the red dialogue box.
Either, it is possible to change the destination in policy 6 or to disable the split tunneling in ‘full-access’ portal.
After making any of these changes, it will be possible to add the same entry under ‘Authentication/Portal Mapping’ for SSL VPN Settings.