This would sound like the routing table on the Android is not done properly. This setting affects the DNS setting in the way that the DNS queries and traffic for internal sites are directed through the tunnel and everything else goes elsewhere.
With Android you might be able to check the "route -n" on a terminal app. You can also install an open-source packet capture called "pcapdroid". Capture traffic from one specific application only (it doesn't matter which one), and see whether the traffic is being responded to.
On FGT you should check if you see the traffic generated by the client (meant for internal destinations) in the traffic log or a packet capture.