I don't know if it's your case (you don't specify the platform), but on FortiClient 6.4.0 for Linux there's an issue that breaks this feature. It's supposedly fixed in 6.4.1, which will be released at the end of the month.
Hm, I cannot speak for SSL VPN, but I know this from IPsec. Maybe it is the same with SSL VPN?
If I set a tunnel to do split DNS, the options in the IPsec config are rather the same. You set dns-server1 and 2 and a domain/suffix. However, it won't work because there is an option, DNS mode, that is not visible in the GUI in the IPsec config. It is set to "auto" by default, which prevents split DNS from working. It has to be set to "manual" on the CLI to make split DNS work.
I don't have a clue why Fortinet didn't include this in the GUI, as it is that important.
Maybe there is the same issue with split DNS and SSL VPN too?
80E with 6.2.6 firmware and 6.4.2 FortiClient VPN - no internal DNS resolution over SSL VPN. Can ping the internal DNS server IP but not the FQDN. NSLOOKUP times out.
I've wasted a whole day on this ****. Finally found this post, installed 6.2.6 and the problem goes away instantly.
Fortinet needs to get their $hit together. This is ridiculous. I'm IT director for 200 people and have one assistant. We don't have time to run test labs for every single change we make. There are certain things that should just WORK. Period. Like a utility. Completely inexcusable.