I'm facing this issue with the current implementation that we have.
We use the network 10.0.0.0/16 on our internal infra structure, if a client uses the forticlient on a guest wifi that uses the same subnet and connects to the forticlient the route will match to the internal guest wifi and not to the default route pointing to the fortigate.
My idea was to when the client connects to the ssl-vpn with the default route a route for 10.0.0.0/16 pointing to the tunnel should appear.
Do anyone had this same issue?
Also thought if is possible to do this on EMS and the "On Connect Script"
Our previous infra structure, cisco anyconnect that was possible.
There are few clarifications required to start to answer your question. Typically, if you are using 10.0.0.0/16 internally you would introduce NAT at your edge to protect your self from routing issues, as the one you describe.
Why do you have to use the same 10.0.0.0/16 for Guest WiFi network at the first place? It's for guests so wouldn't matter what IP range they get, would it? You're supposed to separate guest networks from corp/internal network for security reasons. Assigning a different subnet like 10.255.0.0/16 makes traffic/security management and troubleshooting much easier and avoid headaches.
Some devices will cache the last know IP. In most cases this is a function of the Operating System. For Windows you can test this by running a ipconfig to see the current value, ipconfig /release to force a stack reset, followed by ipconfig /renew, to force a DHCP discovery.