rvillaroman
Staff & Editor
Article Id 315922
Description: This article describes how to let the SSL VPN client reach specific internet networks through the VPN tunnel without disabling split tunneling on the SSL VPN portal.
Scope: All FortiGate versions.
Solution
  1. Create a new SSL VPN portal and add the IP address of the specific internet network to the routing address override. If a portal already exists, add the IP address to its routing address override.

    Picture1.png
  2. In this example, the IP address of acme.com is used.

    Picture2.png
  3. Apply the created SSL VPN portal to the SSL VPN group under Authentication/Portal Mapping.

    Picture3.png
  4. Create a new firewall policy for the SSL tunnel interface to the WAN port.

    Picture4.png
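The same four steps expressed in the FortiOS CLI, as an added example that is not part of the original article (it applies to releases that still include SSL VPN tunnel mode, i.e. before 7.6.3). The object names, the user group "sslvpn-group", the interfaces "ssl.root" and "wan1", and the 203.0.113.x addresses are assumptions and placeholders; replace them with the real resolved IP addresses and your own names.

```fortios
# Address objects for every IP the site resolves to (constructed placeholders;
# add one object per resolved address, per the note on multiple DNS records).
config firewall address
    edit "acme.com-ip1"
        set subnet 203.0.113.10 255.255.255.255
    next
    edit "acme.com-ip2"
        set subnet 203.0.113.11 255.255.255.255
    next
end
# Portal: split tunneling stays enabled; only the listed destinations are
# routed through the tunnel (the GUI "routing address override").
config vpn ssl web portal
    edit "split-acme-portal"
        set tunnel-mode enable
        set split-tunneling enable
        set split-tunneling-routing-address "acme.com-ip1" "acme.com-ip2"
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
    next
end
# Map the SSL VPN user group to that portal.
config vpn ssl settings
    config authentication-rule
        edit 1
            set groups "sslvpn-group"
            set portal "split-acme-portal"
        next
    end
end
# Policy from the SSL tunnel interface to the WAN port, scoped to the group
# and to the overridden destinations rather than "all".
config firewall policy
    edit 0
        set name "sslvpn-to-acme"
        set srcintf "ssl.root"
        set dstintf "wan1"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "acme.com-ip1" "acme.com-ip2"
        set groups "sslvpn-group"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

Keeping the policy destination limited to the overridden addresses means the tunnel carries only the traffic the override was created for; a second internet destination needs both a new address object in the override and a matching entry in the policy.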

The result:

Once the SSL VPN client is connected, a route to the specified internet network is injected on the client and points through the SSL VPN gateway.

Picture5.png

The website is now reachable, and its traffic passes through the SSL VPN even though split tunneling is enabled.

Picture6.png

Note: If the website to be added resolves to multiple IP addresses, all of those subnets must be added to the routing address override.

  • Starting with FortiOS 7.6.3, SSL VPN tunnel mode has been removed from both the GUI and CLI.
  • Settings related to SSL VPN tunnel mode will not be carried forward during firmware upgrades.
  • This change applies to all FortiGate models.
  • To ensure uninterrupted remote access, administrators must migrate their SSL VPN tunnel mode configurations to IPsec VPN before upgrading to FortiOS 7.6.3.