Chapter 16 SSL VPN for FortiOS 5.0 : Basic Configuration : Configuring security policies : Firewall addresses
  
Firewall addresses
Before you can create security policies, you need to define the firewall addresses you will use in those policies. For both web-only and tunnel mode operation, you need to create firewall addresses for all of the destination networks and servers to which the SSL VPN client will be able to connect.
For tunnel mode, you will already have defined firewall addresses for the IP address ranges that the FortiGate unit will assign to SSL VPN clients.
The source address for your SSL VPN security policies will be the predefined “all” address. Both the address and the netmask are 0.0.0.0. The “all” address is used because VPN clients will be connecting from various addresses, not just one or two known networks. For improved security, if clients will be connecting from one or two known locations you should configure firewall addresses for those locations, instead of using the “all” address.
To create a firewall address, in the web-based manager, go to Firewall Objects > Address > Address, and select Create New.
See Also
Create an SSL VPN security policy
Create a tunnel mode security policy
Split tunnel Internet browsing policy
Enabling a connection to an IPsec VPN