Question
Routing from internal to DMZ
Hi, any help would be greatly appreciated. I have a FortiGate 60B 3.0 MR5 Patch 3. I have created a DMZ where I am placing a webserver. My config is as follows.

WAN 1 *.*.*.* (external IP address)
DMZ 10.10.10.0
LAN 192.168.0.0

External traffic can reach my DMZ OK. I have configured this the following way. Created a VIP mapping the external address on WAN 1 to an IP address inside my DMZ. Created a custom service group and added the required services. Created a firewall policy: source = WAN1, source address = All, destination interface = DMZ, destination address = VIP configured earlier, service = custom service group configured earlier.

What I need to do is allow traffic either way between my internal network and the DMZ, mainly RDP and port 5432. I've tried to add a similar firewall policy as above but using internal, but can't seem to get it to work. I'm not sure if I need to set up a route of some sort. I've tried adding a route but this doesn't appear to work either, so maybe I'm doing it wrong.

An idiot's guide to doing this would be great if one of you could help me. Cheers
