SImple port forwarding? And I don't see anything in logs.

I just got a Foritgate 30E to replace a ZYwall USG 50.

I would guess that this must have been asked 100 times, but it seems so simple and I'm stuck.

I am trying to external traffic to a DNS server.  I tried based on the docs (no response from outside), and then this video: https://forum.fortinet.com/tm.aspx?m=126167 which had me do the exact same thing I had already done.  I triple checked every setting and it matches the video exactly except of course for IP addresses, ports, and services.

In this case I have 2 VIPs - one for TCP port 53 and one for UDP port 53.  These are combined into a group which is used in the IPv4 policy as the destination, the service chosen is "DNS", which includes both TCP and UDP for port 53 .

And yet no traffic gets forwarded.  Worse, the logs are completely blank, even though *I think* that I have have logging turned on.

Personal note: I'm a bit worried at this point; I can't get simple port forwarding or logging working and my next task is site to site IPSec VPN, which is always a hassle.

Fortinet is brand new to me, although I've configured the same functions on many other firewalls, including Zywall, WatchGuard, etc.  I hope someone can help me here.

Lastly, shouldn't the default be to log everything locally to start?