Nubbins
New Member
August 31, 2020
Question

IPSEC VPN without overriding client DNS?

  • August 31, 2020
  • 1 reply
  • 2101 views

I'm trying to configure an IPSEC VPN, but when the tunnel comes up, the client machines' DNS server settings are overridden with either the FortiGate DNS or 0.0.0.0 if I delete the DNS servers from the config.

This has the effect of breaking name resolution for remote users on their local systems.

Scenario: We host a few VMs for a client who has their own on-prem DNS. Occasionally they use the FortiClient to VPN into the servers that we host, but as soon as they do, their internal machines disappear.

Running an IP config, I can see that whilst their system's DNS is still present, the FortiGate-supplied DNS servers are higher up in the list. What's the best way to handle this? (I can't realistically expect the customer to do any particular local config.)

1 reply

Nubbins (Author)
New Member
September 7, 2020

Guess not.