ezhupa, Staff
Article Id 378742
Description: This article explains an issue where a specific transport mode selected for an IPsec tunnel in the GUI is changed to 'auto' in the background when the configuration is saved.
Scope: FortiGate.
Solution

In FortiOS v7.6 and later, the IPsec transport method can be configured as TCP, UDP or Auto.


When configuring the VPN in the GUI with the Remote Access template, a specific transport mode can be chosen, as shown in the screenshot below:


[Screenshot IPSEC_TCP.PNG: transport mode selection in the Remote Access VPN template]


However, once the configuration is saved, the background process writes the 'Auto' option instead of the selected one, as the resulting CLI configuration shows:

config vpn ipsec phase1-interface
    edit "TCP"
        set type dynamic
        set interface "port3"
        set ike-version 2
        set peertype any
        set net-device disable
        set mode-cfg enable
        set proposal aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256
        set comments "VPN: TCP -- Created by VPN wizard"
        set dhgrp 5
        set eap enable
        set eap-identity send-request
        set wizard-type dialup-forticlient
        set authusrgrp "ipsec"
        set transport auto    <-----------
        set ipv4-start-ip 192.168.10.1
        set ipv4-end-ip 192.168.10.200
        set ipv4-netmask 255.255.255.0
        set dns-mode auto
        set psksecret ENC
    next
end


To work around the issue, the setting can be changed manually via the CLI:


config vpn ipsec phase1-interface
    edit "TCP"
        set transport tcp
    next
end
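
The script below is an added example and is not part of this article or of Fortinet's own tooling. It parses the text of 'show vpn ipsec phase1-interface' output in the layout shown above (a constructed sample is embedded inline), lists the tunnels that were saved with 'set transport auto', and renders the CLI workaround from this article for each tunnel whose intended transport is known. The tunnel names other than "TCP", the addresses, the 'intended' map and the wizard_only filter are assumptions made for the example.

```python
"""Audit FortiOS 'show vpn ipsec phase1-interface' output for tunnels left on
'set transport auto' and emit the CLI workaround for the ones that should be
explicit. Added example, not Fortinet code; the parser assumes the indented
edit/set/next layout shown in the article."""
import re
from typing import Dict, List

# Constructed sample output. "TCP" mirrors the article's wizard-created tunnel
# (TCP intended, saved as auto); the other tunnels are invented for contrast.
SAMPLE_CONFIG = """\
config vpn ipsec phase1-interface
    edit "TCP"
        set type dynamic
        set interface "port3"
        set comments "VPN: TCP -- Created by VPN wizard"
        set wizard-type dialup-forticlient
        set transport auto
    next
    edit "TCP-fixed"
        set type dynamic
        set comments "VPN: TCP -- Created by VPN wizard"
        set wizard-type dialup-forticlient
        set transport tcp
    next
    edit "manual-auto"
        set remote-gw 198.51.100.7
        set transport auto
    next
    edit "site2site"
        set remote-gw 203.0.113.10
        set transport udp
    next
end
"""

EDIT_RE = re.compile(r'^edit\s+"?([^"]+?)"?$')


def parse_phase1(config: str) -> Dict[str, Dict[str, str]]:
    """Return {tunnel_name: {setting: value}} for every edit block.
    Quoted values lose their surrounding quotes; multi-word values stay whole."""
    tunnels: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        m = EDIT_RE.match(line)
        if m:
            current = m.group(1)
            tunnels[current] = {}
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            tunnels[current][key] = value.strip().strip('"')
    return tunnels


def find_auto_transport(tunnels: Dict[str, Dict[str, str]],
                        wizard_only: bool = True) -> List[str]:
    """Names of tunnels explicitly saved with 'set transport auto'.
    With wizard_only, keep only tunnels carrying a wizard-type, i.e. the ones
    written by the GUI template and therefore affected by this article's issue.
    Tunnels with no transport line at all are not judged here."""
    return [
        name for name, s in tunnels.items()
        if s.get("transport") == "auto" and (not wizard_only or "wizard-type" in s)
    ]


def workaround_cli(name: str, transport: str) -> str:
    """Render the CLI change from the article for one tunnel."""
    if transport not in ("tcp", "udp"):
        raise ValueError("transport must be 'tcp' or 'udp'")
    return "\n".join([
        "config vpn ipsec phase1-interface",
        f'    edit "{name}"',
        f"        set transport {transport}",
        "    next",
        "end",
    ])


if __name__ == "__main__":
    tunnels = parse_phase1(SAMPLE_CONFIG)
    # The intended transport per tunnel would normally come from your own
    # change records; this map is an assumption for the example.
    intended = {"TCP": "tcp"}
    for name in find_auto_transport(tunnels):
        print(f"{name}: saved with transport auto")
        if name in intended:
            print(workaround_cli(name, intended[name]))
```

Run it against a saved copy of the 'show' output from a unit on a FortiOS build before v7.6.3 to find every wizard-created tunnel that silently fell back to 'auto'; the rendered block can then be pasted into the CLI as in the workaround above.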


This GUI issue is resolved in v7.6.3.


For more information on IPsec TCP encapsulation, refer to the following document: Encapsulate ESP packets within TCP headers.