Hello,
With current setup, the best option is to change the policy settings. There is no option like VPN filter present on other vendor boxes.
Alternatively you can configure a route based VPN instead and either set proxy-id with single IP behind client to resources behind HQ site.
Regards,
Rushi