Hello Jack, Yes this is possible. When you configure the SSL VPN Portal
disable the split tunneling. After that configure a firewall policy
allowing traffic from ssl.root interface to your Internet interface with
NAT enable. I hope this can help you!...
What Fortinet recommend when you have a lot of VLANS is just what
red.adair said, put each VLAN in a separate L2 forwarding domain.
http://docs.fortinet.com/fgt/techdocs/fortigate-vlans-vdoms.pdf Page 195
