This detection rule identifies the event of a new VPN SSL Web Portal being added to a Fortinet FortiGate Firewall. The rule is particularly relevant within the context of changes to VPN SSL settings that can signify potential unauthorized access attempts, as such configurations are crucial in maintaining secure remote connections. The behavior of adding a VPN SSL Web Portal may be used by an attacker to facilitate persistent access, thus mandating the need for monitoring changes in these configurations. The rule triggers when there is an action involving the addition of a VPN SSL Web Portal, capturing these alterations for further scrutiny. While adding a portal can be legitimate, this alert provides crucial insights for identifying potential threats, thereby enabling timely response to suspicious modifications that might compromise network security.