Description | This article describes how to access a remote FortiGate CLI over IPsec. |
Scope | FortiGate. |
Solution |
Diagram:
Configure the IPsec VPN on both sides to establish the tunnel so that the remote FortiGate is reachable. (Reference link: Technical Tip: How to configure VPN Site to Site between FortiGates (Using VPN Setup Wizard))
Configuration of the FortiGate interface on Site A for port 5 with IP address 172.16.10.10:
Configure the Site B FortiGate for port 5 with IP address 172.16.20.10 and enable the following administrative access on the interface:
Enable Telnet on the port 5 interface for remote access. After enabling Telnet, check reachability with a ping from Site A to the Site B FortiGate port 5 interface IP 172.16.20.10:
Site B 172.16.20.10 is reachable from Site A 172.16.10.10. Telnet from the Site A FortiGate to access the Site B FortiGate CLI:
The Site B FortiGate CLI is now accessible from the Site A FortiGate CLI. The interesting subnets must be added to the Phase 2 selectors of the IPsec tunnel.
In addition to this way of accessing a remote site via the IPsec tunnel, another method can be used: IP addresses can be assigned to the IPsec tunnel interfaces as per the KB article: Configure-IP-address-on-an-IPSec-tunnel-interface
Once the IP addresses and the access rights for SSH are configured on the IPsec tunnel, the IPsec tunnel can be reached from the remote end. |