This might be a bit of a shady suggestion.. but what if you make a GRE
or IPsec tunnel från a local loopback/physical interface of the client
fortigate and route it through the SSL VPN tunnel? I guess that could
solve your issue.
Now that I think about it, check the NSE4 material. It has a section
about Fortigate as an IPsec client and having devices behind it. Maybe
there's a good answer in that training.
This looks amazing! I've always missed this feature. We always talk
about using local-in policys but they are always very hard to "grip".
This helps for sure! Thanks for your contribution Danny!