To configure split tunneling you need to indicate what networks are from you intranet. For that, you can create an object like I called ip-intranet.
config vpn ipsec phase1-interface
edit "group1"
set type dynamic
set interface "vpninterface"
set mode aggressive
set peertype one
set mode-cfg enable
set ipv4-dns-server1 x.x.x.x
set ipv4-dns-server2 x.x.x.y
set proposal aes128-sha1 aes128-sha256
set localid "group1"
set localid-type keyid
set dhgrp 5
set wizard-type dialup-forticlient
set xauthtype auto
set authusrgrp "GroupRadius"
set peerid "group1"
set assign-ip-from usrgrp
set ipv4-split-include "ip-intranet"
set domain "internal.domain"
set include-local-lan enable
set save-password enable
set client-keep-alive enable
set psksecret pskpassword
set keepalive 60
next
[FirstName]
