Can I disable IPsec VPN?
Or I want to be able to connect only from a specified IP.
( I want to block UDP ports 500 and 4500 from the outside -> It is now open. )
I want to use SSL VPN only.
( FortiGate 110C, v5.2.0 )
You can configure a local-in policy from the CLI and block port 4500 and port 500 to the FortiGate.
config firewall local-in-policy
NSE Certified : Level 8
It would be cleanest to remove the IPsec config if you plan not to use it. A local-in policy is the way to narrow down the source by address, range or country if you need the IPsec VPN.
As best practice, move the SSLVPN port to a higher number, e.g. 30443. Would be more difficult to hit without extensive port scanning. Only drawback: some hotels could be overprotective and not allow high ports/non-standard ports.
You can disable it or can set some specific Public IP to allow access to the VPN. This can be achieved from policy configuration.