Thanks! You're not wrong; it's all about what methods you use to further secure, including: 1. Put the SSL VPN interface on a loopback, then you can use security policies. 2. Place the SSL VPN in its own VDOM. 3. Where possible, use geo-IPs in policy or block the known baddies! Other vendors have horrific vulnerabilities also; it's just the game we are in! Some of the recent vulnerabilities have been bad, yes, but often only impacting devices with poor configuration. For example, who sends devices out without local-in policies configured!
Also, if you have FortiClient/EMS, then you can restrict SSL VPN to only accept connections from "known" registered serial numbers on your EMS. It's another great way of adding further protection: community.fortinet.com/t5/FortiGate/Technical-Tip-Restrict-SSL-VPN-and-Dial-up-IPsec-to-only-devices/ta-p/214456