There's currently an existing bug (confirmed through support up to firmware v9.602) that causes the SSL VPN daemon to disconnect any users associated with a VPN Profile that has a DNS Host object in its networks.
The UTM will check for updates on DNS hosts periodically (every 2-3 minutes) and any associated VPN Profile will perform rolling restarts on it's users.
This only causes a few seconds of delay for end users as the clients usually connect without issue but it can be very disruptive.
Have VPN Profiles only reconnect/restart only if a dynamic object (DNS Host or even a static one pushed out via SUM) actually changes value. At the moment it appears to only check if an object is updated/removed rather than if the change would have affected the corresponding routing rules for the client.