Traffic topology :

10.10.10.10 (Private IP) --- FGT A --- (IPSEC) --- Router/Firewall --- (Public IP) 20.20.20.20.

Here:

10.10.10.10  is the Private IP.

20.20.20.20 is the Public IP.

It is necessary to verify that IPsec is up on both sides and that both IPs 10.10.10.10 and 20.20.20.20 are in Phase 2 selectors on both sides.

Then, create the static route with a lower Administrative Distance than the Default Route.

config router static

    edit "5"

        (5) # show
            config router static
                edit 5
                    set dst 20.20.20.20 255.255.255.255    -> Destination public IP.
                    set distance 5                         -> Lower AD then default route.
                    set device "test"                     -> Interface name.
                next
end

Now, it is possible to configure the policy route, to make sure traffic coming from 20.20.20.20 toward 20.20.20.20 always uses the IPsec interface:

config router policy

    edit "1"

        (1) # show
            config router policy
                edit 1
                    set input-device "internal"
                    set src "10.10.10.10/255.255.255.255"         -> Source IP.
                    set dst "20.20.20.20/255.255.255.255"         -> Destination IP.
                    set output-device "test"                      -> Interface name.
                next
end

It is possible to further verify with the command get router info command to see the routing status:

It is possible to see that 20.20.20.20 is known through the tunnel interface as required.