Hi,
you need to create a security policy that allows traffic only from users to that specific server.
Something like below. Let's say the users that are connecting are in zone VPN;
the server lives in zone servers.
vpn users: 10.1.0.0/24
server ip : 172.16.1.2/24
First you need to make some address-book entries:
set security zones security-zone VPN address-book address VPN-USERS 10.1.0.0/24
set security zones security-zone SERVERS address-book address SERVER1 172.16.1.2/32
Now you can make a policy allowing everything from the VPN users to that specific server:
set security policies from-zone VPN to-zone SERVERS policy access_to_server1 match source-address VPN-USERS
set security policies from-zone VPN to-zone SERVERS policy access_to_server1 match destination-address SERVER1
set security policies from-zone VPN to-zone SERVERS policy access_to_server1 match application any
set security policies from-zone VPN to-zone SERVERS policy access_to_server1 then permit
(I have used application any in this example; you can also allow only one or more specific services like DNS / HTTP / HTTPS, etc.)
If your users are on a dynamic VPN in the untrust zone, you can do something like this:
set security policies from-zone untrust to-zone SERVERS policy access_to_server1 match source-address VPN-USERS
set security policies from-zone untrust to-zone SERVERS policy access_to_server1 match destination-address SERVER1
set security policies from-zone untrust to-zone SERVERS policy access_to_server1 match application any
set security policies from-zone untrust to-zone SERVERS policy access_to_server1 then permit tunnel ipsec-vpn dyn-vpn
Hope this helps a bit
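
An added example, not part of the original post: a small Python check over set-format configuration like the commands above. It flags address-book entries whose mask covers more than the single host written, and permit policies that match application any. The sample configuration, SERVER2 and the policy web_to_server2 are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
set security zones security-zone VPN address-book address VPN-USERS 10.1.0.0/24
set security zones security-zone SERVERS address-book address SERVER1 172.16.1.2/24
set security zones security-zone SERVERS address-book address SERVER2 172.16.1.3/32
set security policies from-zone VPN to-zone SERVERS policy access_to_server1 match source-address VPN-USERS
set security policies from-zone VPN to-zone SERVERS policy access_to_server1 match destination-address SERVER1
set security policies from-zone VPN to-zone SERVERS policy access_to_server1 match application any
set security policies from-zone VPN to-zone SERVERS policy access_to_server1 then permit
set security policies from-zone VPN to-zone SERVERS policy web_to_server2 match source-address VPN-USERS
set security policies from-zone VPN to-zone SERVERS policy web_to_server2 match destination-address SERVER2
set security policies from-zone VPN to-zone SERVERS policy web_to_server2 match application junos-https
set security policies from-zone VPN to-zone SERVERS policy web_to_server2 then permit
"""

ADDR = re.compile(r"^set security zones security-zone (\S+) address-book address (\S+) (\S+)$")
POLICY = re.compile(r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) (match|then) (.+)$")

def audit(config):
    """Return a sorted list of (object, finding) tuples for a set-format config."""
    findings, policies = [], {}
    for line in config.splitlines():
        m = ADDR.match(line.strip())
        if m:
            zone, name, prefix = m.groups()
            iface = ipaddress.ip_interface(prefix)
            # Host bits set under a short mask: the mask decides what matches, not the host.
            if iface.ip != iface.network.network_address:
                findings.append((f"{zone}/{name}", f"{prefix} matches {iface.network.num_addresses} addresses, not one host"))
            continue
        m = POLICY.match(line.strip())
        if not m:
            continue
        key = f"{m.group(1)}->{m.group(2)}/{m.group(3)}"
        pol = policies.setdefault(key, {"apps": set(), "permit": False})
        words = m.group(5).split()
        if m.group(4) == "match" and words[0] == "application":
            pol["apps"].update(words[1:])
        elif m.group(4) == "then" and words[0] == "permit":
            pol["permit"] = True
    for key, pol in policies.items():
        if pol["permit"] and "any" in pol["apps"]:
            findings.append((key, "permits application any"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```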