yangw
Staff
Article Id 273156
Description

When an iPhone connects to a dial-up SSL VPN with the FortiClient VPN app, internal servers are reachable by IP address but not by FQDN. The dns-suffix setting resolves this.

This article describes how to assign an internal DNS server to the iPhone through the dns-suffix setting.

Scope

FortiGate v7.0, iOS.
Solution

Windows and Android dial-up SSL VPN clients can reach internal servers by FQDN when the SSL VPN dns-server setting assigns an internal DNS server.

An iPhone, however, keeps sending FQDN queries to its locally assigned (ISP-provided, public) DNS server even after the SSL VPN is connected with FortiClient.

The public (ISP-assigned) DNS server will never resolve the internal FQDN. In this example, the internal DNS server 10.1.218.5 resolves the FQDN thr.twtac.lab to 10.1.218.30.

(Screenshot: DNS server setting)
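The split-DNS decision described above, as an added example that is not from the article: a small Python model in which a name is sent to the VPN-assigned DNS server only when it falls under a configured dns-suffix, and otherwise to the local (ISP) resolver. The ISP resolver address 203.0.113.53, the zone contents other than thr.twtac.lab = 10.1.218.30, and the label-aligned matching rule are assumptions made for the illustration; the iPhone's actual resolver-selection logic is not documented on this page.

```python
from typing import Optional

# Constructed resolver data for the illustration (not real infrastructure):
INTERNAL_DNS = "10.1.218.5"   # dns-server1 from the article
ISP_DNS = "203.0.113.53"      # assumed placeholder for the ISP-assigned resolver
ZONES = {
    INTERNAL_DNS: {"thr.twtac.lab": "10.1.218.30"},   # internal record from the article
    ISP_DNS: {"www.example.com": "198.51.100.10"},    # constructed public record
}


def under_suffix(name: str, suffix: str) -> bool:
    """Label-aligned suffix test: 'thr.twtac.lab' is under 'twtac.lab',
    'nottwtac.lab' is not. Case and trailing dots are ignored."""
    n = name.rstrip(".").lower()
    s = suffix.strip().rstrip(".").lower()
    return n == s or n.endswith("." + s)


def pick_resolver(name: str, suffixes: list) -> str:
    """Assumed client rule: names under a configured suffix go to the
    VPN-assigned resolver, everything else to the local (ISP) resolver."""
    if any(under_suffix(name, s) for s in suffixes):
        return INTERNAL_DNS
    return ISP_DNS


def resolve(name: str, suffixes: list) -> Optional[str]:
    """Look the name up at the chosen resolver; None stands for NXDOMAIN."""
    return ZONES[pick_resolver(name, suffixes)].get(name.rstrip(".").lower())


if __name__ == "__main__":
    # Without the suffix the query goes to the ISP resolver and fails;
    # with "twtac.lab" configured it reaches 10.1.218.5 and resolves.
    for cfg in ([], ["twtac.lab"]):
        label = "unset" if not cfg else ",".join(cfg)
        print(f"dns-suffix={label}: thr.twtac.lab -> {resolve('thr.twtac.lab', cfg)}")
```

The label-aligned check is deliberate: a plain string endswith would also route a name such as nottwtac.lab to the internal resolver, which is not what a suffix is meant to cover.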

SSL VPN connected (screenshot).


Access to the internal FQDN thr.twtac.lab fails, but access by IP address works (screenshots).

 

Add the DNS suffix for the internal domain and re-dial the SSL VPN:

config vpn ssl settings
    set ssl-min-proto-ver tls1-1
    set servercert "Fortinet_Factory"
    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
    set tunnel-ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
    set dns-suffix "twtac.lab"    <----- The DNS suffix for the internal domain.
    set dns-server1 10.1.218.5    <----- The internal DNS server; without the suffix the iPhone does not use it.
    set source-interface "port1"
    set source-address "all"
    set source-address6 "all"
    set default-portal "tunnel-access"
end


The internal webpage can now be accessed by its FQDN (screenshot).

 

Troubleshooting:

If access still fails, verify whether the DNS query is coming from the client by running a sniffer or packet capture on the FortiGate:


diagnose sniffer packet any "host <client private IP over SSLVPN> and port 53" 4 200 l


If no DNS query arrives from the client, verify that the domain (dns-suffix) is configured correctly. If the query arrives but is not answered, verify that FortiGate allows it by debugging the packet flow (see the article 'Debugging the packet flow').

If the DNS query is answered and a SYN is sent to the resolved address but is not answered, verify whether NAT is required on the firewall policy in use.
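As an added example (not from the article), the following Python script triages a capture taken with the sniffer command above and maps what it sees to the three troubleshooting branches: no query from the client, a query that is not answered, and DNS working so the problem lies further along (SYN/NAT). The line layout it parses is an approximation of FortiOS sniffer output at verbosity 4 with the local-timestamp option and is an assumption, as are the constructed capture lines, the client tunnel IP 10.212.134.200 and the ISP resolver 203.0.113.53; the internal DNS server 10.1.218.5 is the one from the article.

```python
import re
from dataclasses import dataclass

# Assumed layout of one sniffer line (verbosity 4 with the 'l' timestamp option):
# "<date> <time> <iface> <in|out> <src>.<sport> -> <dst>.<dport>: <proto> <len>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<iface>\S+) (?P<dir>in|out) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<proto>\w+) (?P<len>\d+)$"
)


@dataclass
class Verdict:
    queries: int      # DNS queries from the client that reached FortiGate
    replies: int      # DNS replies that reached FortiGate on the way back
    servers: set      # resolvers the client actually asked
    next_step: str    # which branch of the troubleshooting section applies


def triage(lines, client_ip, internal_dns):
    """Classify a port-53 capture for one SSL VPN client."""
    queries = replies = 0
    servers = set()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["dir"] != "in":
            continue  # skip banner lines; count each packet once (ingress side only)
        if m["src"] == client_ip and m["dport"] == "53":
            queries += 1
            servers.add(m["dst"])
        elif m["dst"] == client_ip and m["sport"] == "53":
            replies += 1
    if queries == 0:
        step = "no DNS query from the client: verify the dns-suffix/domain configuration"
    elif internal_dns not in servers:
        step = "client is asking another resolver: the suffix is not being applied"
    elif replies == 0:
        step = "query not answered: debug the packet flow to confirm FortiGate allows it"
    else:
        step = "DNS works: check the SYN to the resolved host and whether the policy needs NAT"
    return Verdict(queries, replies, servers, step)


# Constructed capture lines (not real output): the client tunnel IP
# 10.212.134.200 queries the internal DNS server 10.1.218.5 and gets a reply.
SAMPLE_OK = """\
interfaces=[any]
filters=[host 10.212.134.200 and port 53]
2023-09-14 10:12:33.123456 ssl.root in 10.212.134.200.52341 -> 10.1.218.5.53: udp 41
2023-09-14 10:12:33.123600 port2 out 10.212.134.200.52341 -> 10.1.218.5.53: udp 41
2023-09-14 10:12:33.126000 port2 in 10.1.218.5.53 -> 10.212.134.200.52341: udp 57
2023-09-14 10:12:33.126100 ssl.root out 10.1.218.5.53 -> 10.212.134.200.52341: udp 57
""".splitlines()

# Constructed: the client still asks the ISP resolver (203.0.113.53), i.e. the
# suffix did not take effect, so an internal name cannot be resolved.
SAMPLE_WRONG_RESOLVER = [
    "2023-09-14 10:15:01.000000 ssl.root in 10.212.134.200.50001 -> 203.0.113.53.53: udp 41",
]

if __name__ == "__main__":
    cases = (("ok", SAMPLE_OK), ("no-reply", SAMPLE_OK[:4]),
             ("wrong-resolver", SAMPLE_WRONG_RESOLVER))
    for name, cap in cases:
        v = triage(cap, "10.212.134.200", "10.1.218.5")
        print(f"{name}: queries={v.queries} replies={v.replies} -> {v.next_step}")
```

Paste the sniffer output into a file and feed its lines to triage() with the client's tunnel IP and the dns-server1 value; the "asking another resolver" branch is the one to expect when the suffix has not been applied and the client tunnels its queries to the ISP resolver, while a client that sends those queries outside the tunnel shows up as the "no DNS query" branch.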