FortiGate
tpatel
Staff
Article Id 333166
Description

This article describes how to route SSL VPN users' internet traffic through a secondary IP address of the FortiGate WAN interface, so that the traffic leaves the firewall source-NATed to the secondary IP rather than the interface's primary IP.

Scope

FortiOS.
Solution

FortiGate WAN interface configuration, with the secondary IP address 10.249.0.5 that the SSL VPN traffic will be translated to:

config system interface
    edit "port1"
        set vdom "root"
        set ip 10.249.0.12 255.255.255.0
        set allowaccess ping
        set type physical
        set description "external"
        set alias "WAN"
        set lldp-reception enable
        set role wan
        set snmp-index 1
        set secondary-IP enable
        config secondaryip
            edit 1
                set ip 10.249.0.5 255.255.255.0
                set allowaccess ping
            next
        end
    next
end

 

Configure the SSL VPN using the following document:

SSL VPN full tunnel for remote user

 

To route the SSL VPN internet traffic over the secondary IP address, first create an IP pool that contains only the secondary IP address:

 

config firewall ippool
    edit "VPN BYOD IP"
        set startip 10.249.0.5
        set endip 10.249.0.5
    next
end

 

Then create an SSL VPN firewall policy from the SSL VPN interface to the WAN interface with NAT enabled and the IP pool selected, so that the traffic is routed to the internet using the secondary IP address:

config firewall policy
    edit 35
        set name "SSLVPN for BYOD_egress"
        set uuid 8a54833e-58d9-51ef-7961-a945872168cd
        set srcintf "ssl.root"
        set dstintf "port1"
        set action accept
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "all"
        set schedule "always"
        set service ALL
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set logtraffic all
        set nat enable
        set ippool enable
        set poolname "VPN BYOD IP"
        set groups "AZURE"
    next
end

 

Troubleshooting:

A debug flow trace shows that the SSL VPN traffic is source NATed (SNAT) using the secondary IP address 10.249.0.5 instead of the primary interface address.
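To confirm that the interface, IP pool and policy fit together before relying on the debug flow, here is an added example (not code from the article or from Fortinet): a small Python script that parses the FortiOS CLI text shown above, checks that the policy has both nat and ippool enabled and that the pool contains only secondary IP addresses of the policy's outgoing interface, and extracts the translated source address from debug flow SNAT messages. The configuration excerpt and the debug flow line are constructed sample input built from the article's values, and the `msg="SNAT a->b:port"` message format is an assumption modelled on typical debug flow output.

```python
import re
from ipaddress import ip_address

# Constructed sample input: the article's configuration trimmed to the fields
# the checks below need. Not an export from a real device.
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set ip 10.249.0.12 255.255.255.0
        set secondary-IP enable
        config secondaryip
            edit 1
                set ip 10.249.0.5 255.255.255.0
            next
        end
    next
end
config firewall ippool
    edit "VPN BYOD IP"
        set startip 10.249.0.5
        set endip 10.249.0.5
    next
end
config firewall policy
    edit 35
        set name "SSLVPN for BYOD_egress"
        set srcintf "ssl.root"
        set dstintf "port1"
        set nat enable
        set ippool enable
        set poolname "VPN BYOD IP"
    next
end
"""

# Constructed debug flow line; the message layout is an assumption modelled on
# typical 'diagnose debug flow' output, not text copied from the article.
SAMPLE_DEBUG_FLOW = [
    'id=20085 trace_id=7 func=__ip_session_run_tuple line=3521 '
    'msg="SNAT 10.212.134.200->10.249.0.5:50176"',
]

_TOKEN = re.compile(r'"[^"]*"|\S+')
_SNAT = re.compile(r'msg="SNAT (\S+)->(\S+):\d+"')


def tokenize(line):
    """Split one CLI line into tokens, keeping quoted names like "VPN BYOD IP" whole."""
    return [t.strip('"') for t in _TOKEN.findall(line)]


def parse_fortios(text):
    """Parse config/edit/set/next/end text into nested dicts: a table maps edit
    names to entries; an entry maps each set attribute to its value list."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        tokens = tokenize(raw.strip())
        if not tokens:
            continue
        keyword, args = tokens[0], tokens[1:]
        if keyword == "config":
            stack.append(stack[-1].setdefault(" ".join(args), {}))
        elif keyword == "edit":
            stack.append(stack[-1].setdefault(args[0], {}))
        elif keyword == "set":
            stack[-1][args[0]] = args[1:]
        elif keyword in ("next", "end") and len(stack) > 1:
            stack.pop()
    return root


def secondary_ips(cfg, interface):
    """Secondary IPs configured on an interface (empty when the feature is off)."""
    entry = cfg["system interface"][interface]
    if entry.get("secondary-IP", ["disable"])[0] != "enable":
        return set()
    return {ip_address(sec["ip"][0]) for sec in entry.get("secondaryip", {}).values()}


def pool_addresses(cfg, name):
    """Every address covered by an IP pool's startip..endip range."""
    pool = cfg["firewall ippool"][name]
    start, end = ip_address(pool["startip"][0]), ip_address(pool["endip"][0])
    return {ip_address(n) for n in range(int(start), int(end) + 1)}


def check_policy(cfg, policy_id):
    """Problems that would stop the policy from SNATing to a secondary IP of its
    outgoing interface; an empty list means the setup matches the article."""
    policy = cfg["firewall policy"][str(policy_id)]
    problems = []
    if policy.get("nat", ["disable"])[0] != "enable":
        problems.append("nat is not enabled")
    if policy.get("ippool", ["disable"])[0] != "enable":
        problems.append("ippool is not enabled, so NAT would use the primary interface IP")
        return problems
    wan = policy["dstintf"][0]
    allowed = secondary_ips(cfg, wan)
    for name in policy.get("poolname", []):
        stray = pool_addresses(cfg, name) - allowed
        if stray:
            problems.append(f"pool {name!r} holds addresses that are not secondary IPs of {wan}: "
                            + ", ".join(sorted(map(str, stray))))
    return problems


def snat_sources(debug_flow_lines):
    """Translated source addresses reported by debug flow SNAT messages."""
    return [ip_address(m.group(2)) for line in debug_flow_lines if (m := _SNAT.search(line))]


if __name__ == "__main__":
    cfg = parse_fortios(SAMPLE_CONFIG)
    print("policy 35 problems:", check_policy(cfg, 35))
    translated = snat_sources(SAMPLE_DEBUG_FLOW)
    print("SNAT used the pool:", all(a in pool_addresses(cfg, "VPN BYOD IP") for a in translated))
```

Run the script against a `show full-configuration` export (or the relevant `show` output) pasted into SAMPLE_CONFIG and the captured debug flow lines pasted into SAMPLE_DEBUG_FLOW; an empty problem list plus a SNAT address inside the pool is the expected result for the setup in this article, while a pool address that is not a secondary IP of the outgoing interface is reported before it shows up as unanswered return traffic.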