Just to chime in:
You already protect your FGT by a local-in geo-based policy. That is good, though recently not good enough. Most likely your WAN address got some attention from a botnet, using US based bots. In this case, the geo filter will not suppress these attempts.
This kind of relentless attacks is very well known, in any location across the world. Holds for SSLVPN as well as IPsec VPN.
What you could do is to re-write the local-in policy to only allow access from your own, few addresses. That is, you exchange the geo-based address group with an address group of the WAN addresses for your co-workers. This will work 100% only if they use static addresses.
Apart from that, I don't think that you could do much to keep your logs clean. 2FA is adding another level of security, and quite easy to set up with a FGT/FortiClient. Shifting the VPN port will only temporarily help - the bad ones now know that you run a VPN gateway, once it vanishes a port scan will reveal the new shifted port quickly.
Lastly, you could use certificates instead of passwords. While this would probably be harder to break, it will not reduce the amount of logs, and certs need attention (lifetime, distribution).
"Kernel panic: Aiee, killing interrupt handler!"