I'm managing a FortiGate 500E (firmware v5.4.8,build4108 (GA)).
Port7 has been connected to a switch and "multiplied" using VLANs.
The subinterface "Telecontrollo" is connected to a subnet where only a PC, reachable via RDP and HTTP, is present.
I created, without any trouble, all the rules necessary for the PC to be reachable from the internet via public IP and VPN.
The strangest thing is that policy #135, the simplest of them all, which should permit the traffic from the LAN to the Telecontrollo subnet, doesn't work. I debugged the packets' path on the firewall and they are sent to the WAN interface (port2) instead of port7, even though the routing is properly set.