Are you trying to configure the FortiClients so that when they're connected to the corp network then the VPN is disabled?
Ifso you can do this if you have the FortiClients managed through EMS. EMS allows you to create 'on net' and 'off net' rules to dictate how FortiClient operates when it's on the corp network or off it.
There's multiple options available including the DHCP server, DNS server, subnet, default gateway or even the public IP that users would be on when connecting to the network.
Regarding CLI, you can also achieve this through command-line interface (CLI) using appropriate commands to configure the policy. However, using the GUI is generally more user-friendly and preferred for simpler configurations.
Is the SSL VPN set up with the same public IP as local user? I believe that most ISP should block traffic being NAT out and hit the same public IP again to prevent looping attack. You can also create a deny LAN-WAN policy with SSL VPN service and put it above regular Internet access policy.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.