In some cases, Guest VLAN users have restricted Internet access when connected through the Fortigate.
If the user needs to connect to the SSL VPN which is configured on the WAN port, the IPv4 policy is required to have access to the port configured for the SSL VPN.
Check the traffic direction to find the internal port and SSL-VPN configured port.
Thereafter, configure IPv4 policy to allow traffic from the Guest VLAN interface to the WAN interface and add service as the port configured for SSL VPN.
Source NAT should be disabled in the reference IPv4 policy.
In this way, Fortigate will allow the SSL VPN negotiation traffic from the Guest LAN user to the WAN port to establish the connection.