Yes it is possible. You already achieved one part I gues as you have established the vpn and you now have no internet. That tells me you do not use split tunneling so your client's default route was rewritten and the traffic goes thru office lan already.
You now have to have a policy at the remote end FGT that allows you to access the internet coming from your vpn.
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Now, you are able to successfully connect to the 40F and access resources from the HQ but there is no Internet access. If my understanding is correct, on the HQ firewall, assuming is also a FortiGate, you would need to create a firewall policy that has as source interface the IPsec tunnel interface with 40F and destination interface the Internet facing one. You have to enable NAT on this policy.