Even though VPN-WAN rule is disabled then also SSL-VPN Remote Access users are able to connect to SSL-VPN

What do you mean by this statement? Are you have problems with Users connecting or users using SSLVPN for internet connections? 

No! I do not have any problem but could not understand as to how SSL-VPN Remote Access users can connect if Firewall rule for SSL-VPN Remote Access --- VPN to WAN is disabled.

But

Yes there are 2 more rule that are SSL-VPN S2S LAN-VPN and VPN to LAN. 

Is that SSL-VPN Remote Access instead of throwing error the packets are passing to the above mentioned firewall rules, is it ? If so as per my knowledge it is incorrect

Please advise!

Firewall Rules have not effect on this. SSLVPN and other services are purely controlled by Device Access. 

Then why in one the Sophos techvids like video while explaining SSL-VPN they suggest for Firewall rule to be created w.r.t full-tunnel which I have already created. 

Also what is  SSLVPN and other services are purely controlled by Device Access.  ?

You mean to say in Sophos - Under Administration - Device Access ? If yes, then what to look for ?

SSLVPN is a service, which builds a tunnel. After the tunnel is establish, a connection will flow through SFOS. This connection traffic needs a firewall rule (VPN to LAN, VPN to WAN etc.). 

But to build up a tunnel, you need to have SSLVPN in Device Access enabled/disabled. 

Exactly my question is that only

If VPN-WAN rule required for SSL-VPN is disabled how come users are able to connect, Please advise. 

The Firewall does not reflect anything about SSLVPN. The Tunnel is allowed/denied in Device Access.

After the Tunnel is establish, the connection through firewall is allowed/denied via Firewall rule. 

The Firewall does not reflect anything about SSLVPN. The Tunnel is allowed/denied in Device Access.

After the Tunnel is establish, the connection through firewall is allowed/denied via Firewall rule. 

I got it!

But as per you mentioned

After the Tunnel is establish, the connection through firewall is allowed/denied via Firewall rule. 

Then why in my case even if the firewall rule is denied/disabled then also users are able to connect ?

SSLVPN Connection is not controlled by the Firewall rules. 

You can connect a SSLVPN Client via Device Access, but deny all connections by the client to anything. But the Tunnel is still connected. 

OK!

As per techvids, ssl-vpn if configured Full Tunnel then it is mandatory to create Firewall Rule but not in case of Split Tunnel

I think that the above statement is contradicting 

Your statement 

SSLVPN Connection is not controlled by the Firewall rules. 

You can connect a SSLVPN Client via Device Access, but deny all connections by the client to anything. But the Tunnel is still connected. 

Or I am not able to understand ...

You need to separate the TAP Adapter from the Connection of a application.

You can have a Tunnel enable, which means the client is able to send traffic to the firewall over the VPN Tunnel. 

On the firewall rule page, you can allow or deny the traffic coming "through" the tunnel. 

But the tunnel itself is not affected by the firewall rule. The tunnel can be controlled via Device Access.

You keep using the word "connect" and it sounds like you mean "send traffic through". Connecting to the firewall via SSL VPN is 100% controlled by your SSL VPN setting. Traffic flowing over the VPN and to somewhere else through the firewall is controlled -- as is all traffic flow -- via firewall rules. Two very different concepts.

I mean to say that users click on SSL-VPN client, connect to there required SSL-VPN Connection.

Till this I hope you are clear?

Now as soon as user gets connected they are able to RDP even though the firewall for SSL-VPN (VPN-WAN) is disabled, How ?