FortiGate
hbac
Staff
Article Id 251572
Description: This article describes how to configure port forwarding in policy-based mode.
Scope: FortiGate.
Solution

In policy-based mode, putting the VIP in the 'destination' field of a firewall policy is unnecessary. FortiGate will perform port forwarding as long as the VIP is in place.

In this example, the VIP is configured to forward port 22 to 10.0.0.1.

 

To create a VIP object, go to Policy & Objects -> DNAT & Virtual IPs and select 'Create New'.

 

dnat.png

 

It is also necessary to make sure that a policy under SSL Inspection & Authentication allows the traffic. Otherwise, the traffic will hit the implicit deny rule.

In the example below, the 'Default' policy allows any to any.

 

sslpolicy.png

 

Below is the debug flow output showing that the traffic is being NATed from 10.9.31.3 to 10.0.0.1 correctly. Policy-1 represents the ‘Default’ policy.

 

debug flow.png

 

Note:
FortiGate in NGFW (policy mode) has no proxy feature available. All traffic is handled by the IPS engine in pure flow mode, so proxy features on the Virtual Server, such as the http-redirect option, are not available in the HTTP virtual server when using NGFW policy mode.