My guess is that when you included the IPsec interface in SD-WAN, you've created a static default route via all SD-WAN members? So what is happening is that some traffic is routed via the IPsec tunnel, some via the local internet connection. But this is just my assumption based on a common problem. Probably you want to have an SD-WAN rule so that for your internal traffic you use the IPsec tunnel and for everything else you use your local internet connection. You can share the routing table and SD-WAN rules and we should be able to find the problem: