Probably off OP's topic and should have a separate thread.
As I said, "struggling": I'm still experimenting. The VPN itself, either IPSec (site-to-site) or inbound SSL VPN, can still specify an individual interface, not SD-WAN (or virtual-wan-link). But you can't do the same with static routes. So it comes up and works as long as the route is there to reach the other end. But I need to make sure the tunnel is not steered away by SD-WAN to another member interface with a rule in case of a static IPSec VPN. ...Or not. Still testing.
I'm by no means an expert on FGT SD-WAN yet. Start a new thread. I haven't seen this topic before.