Mgmt port1 vlan, can ping out but can't ping in from remote

I'm trying to setup inband management using vlan 333, I can only ping out but can't ping in from remote location.

PC -> Juniper NFX250 -> fortinet

below is my setup:

FortiGate-VM64-KVM (interface) # show
config system interface
    edit "port1"
        set vdom "root"
        set allowaccess ping https ssh http fgfm
        set type physical
        set role wan
        set snmp-index 2
    next
    edit "port2"
        set vdom "root"
        set type physical
        set snmp-index 3
    next
    edit "port3"
        set vdom "root"
        set type physical
        set snmp-index 4
    next
    edit "ssl.root"
        set vdom "root"
        set type tunnel
        set alias "SSL VPN interface"
        set snmp-index 1
    next
    edit "vlan333"
        set vdom "root"
        set ip 10.92.24.106 255.255.255.0
        set allowaccess ping https ssh http fgfm
        set role lan
        set snmp-index 5
        set interface "port1"
        set vlanid 333
    next
end

when I ping from outside world, it shows packets coming in but not coming out...

FortiGate-VM64-KVM # diag sniffer packet any "icmp" 10.92.24.106
interfaces=[any]
filters=[icmp]
3.349901 10.88.233.1 -> 10.92.24.106: icmp: echo request
4.357697 10.88.233.1 -> 10.92.24.106: icmp: echo request

FortiGate-VM64-KVM # get system status
Version: FortiGate-VM64-KVM v5.4.4,build7605,170208 (GA)