• Upon configuring dial-up settings and enabling split tunneling, the user has to select accessible networks:

• As shown in the above screenshot, the user can select all (0.0.0.0/0) as a member of the accessible network group configured under the VPN settings.
  
  
• So, upon connecting to the VPN, the user will lose internet connectivity since there is no policy configured from the VPN tunnel to the WAN interface, as the user has enabled split tunneling to route only internal traffic through the tunnel.
  
  
• If an object group is used, adding the FABRIC_DEVICE address will cause all traffic to route to FortiGate because the object subnet was (0.0.0.0/0). Removing the FABRIC_DEVICE will resolve the issue

Solution:
Double-check and confirm that only the desired subnets are specified under the VPN-accessible network settings.

Check the route print on the command line of the machine. If there is a 0.0.0.0/0 route pointing to the VPN, the client will lose internet connectivity.

Additionally, make sure the split tunnel address group under the VPN settings does not have a range. A particular IP or the whole subnet is preferred.

Related articles:

Technical Tip: Enable split-tunnel For IPsec VPN

Troubleshooting Tip: Full tunnel and Split Tunnel endpoint route comparison

Troubleshooting Tip: DNS resolution over IPsec/SSL VPN