I have created vpn for native windows client during a setup I chose subnet range for a client, now I need to change that settings but I don't see that setting in tunnel settings, even in CLI I don't see this, where it is applied?
This will enforce l2tp to use IPSec and you already created it on Fortigate. After making the above changes L2tp will only allow connection using the "L2TP/IPSec with pre-shared key" under the VPN settings on windows.
That suggests that your client might be using pure, !!! UNENCRYPTED !!!, L2TP. This would be a pretty bad idea, as pure L2TP doesn't really provide any security. ("set enforce-ipsec enable" refuses plain L2TP and mandates its encapsulation in IPsec)
You can try confirming that by making a packet capture of the client's traffic.
If it's UDP ports 500/4500, then that's IKE negotiations, meaning they're using IPsec with presumably L2TP inside afterwards. If it's UDP/1701, then that's plaintext L2TP (bad).
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.