Problem with VPN - Traffic for dmz website routes internal and not outside.

Hello.

i have a fortigate 500D with FortiOS v5.4.6,build1165.

We have Client VPN to our network.

In some cases we have the problem, that the vpn user is open an internal website and then the website is unreachable.

In FortiAnalyzer I can see, that the public ip is route to internal vlan in the dmz. So I get a policy violation, because the rule is unavailable. But why get the public ip in the vlan of the dmz.

I have a Screenhot attached.

I hope it is not explained too complicated.

Kind regards

Tobias