Problem - Access from VLAN2 (WAN2) to VLAN1 (WAN1)
On the FortiGate 80E (v7.x) we need to set up access from VLAN2 (WAN2 / ISP2) to VLAN1 (WAN1 / ISP1).
On the firewall we have two Internet connections (WAN1 and WAN2) and internal networks VLAN1 and VLAN2. Under VLAN1 is an internal HTTPS server (accessible from the Internet via DNAT), assigned to WAN1. Under VLAN2 is the guest network, assigned to WAN2 (another ISP). Now we need to access this HTTPS server from the guest VLAN2/WAN2, but we are not able to do it. We've tried some things in the firewall policies and address translation, but to no avail; I'm out of ideas.
Since it's inside of one physical FGT, unless you split two wan interfaces to two VDOMs, wan1's interface IP is directly connected and reachable from VLAN2 as long as you have a policy VLAN2->wan1. Can you ping from a VLAN2 device to wan1 IP after placing a policy?
After that, you need to do a "flow debug" to see how the FGT is handling the traffic from VLAN2 to VLAN1 via the VIP.
By the way, to set VLAN1 to use wan1 and VLAN2 to use wan2, you don't have to have a policy route. By having two default routes, one to wan1 and one to wan2, you can use just firewall policies to dictate which wan interface to use for the Internet. Policy routes create the need for another policy route like this, then another one when you need to change something, and so on, again and again. I call it "policy route jail". If possible, it's better to avoid using it.
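The configuration the reply describes, written out as an added FortiOS CLI example (not taken from the original thread or from any poster): two equal-distance default routes so that firewall policies, not policy routes, pick the egress WAN; a VIP on wan1 for the HTTPS server; the VLAN2-to-VLAN1 policy that references the VIP object; and the debug-flow commands to trace a test connection. Interface names (wan1, wan2, VLAN1, VLAN2), the RFC 5737 documentation addresses and the policy IDs are all assumptions and must be replaced with the real values.

```fortios
# Two default routes with the same distance: both stay active, and the
# dstintf of the matching firewall policy decides which WAN a session uses.
# Gateway IPs below are assumed placeholders (RFC 5737 documentation ranges).
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 203.0.113.1
        set device "wan1"
        set distance 10
    next
    edit 2
        set dst 0.0.0.0 0.0.0.0
        set gateway 198.51.100.1
        set device "wan2"
        set distance 10
    next
end

# VIP (DNAT) for the HTTPS server on VLAN1. The external IP is assumed to be
# a public address that terminates on wan1; the internal server IP is assumed.
config firewall vip
    edit "vip-https-server"
        set extip 203.0.113.10
        set extintf "wan1"
        set mappedip "192.168.1.10"
        set portforward enable
        set extport 443
        set mappedport 443
    next
end

config firewall policy
    # VLAN1 clients go out via wan1 only.
    edit 10
        set name "VLAN1-to-Internet-wan1"
        set srcintf "VLAN1"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    # Guest VLAN2 goes out via wan2 only.
    edit 20
        set name "VLAN2-to-Internet-wan2"
        set srcintf "VLAN2"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    # Guests reaching the server through its public (VIP) address.
    # After DNAT the route lookup is done on the mapped IP, so dstintf is
    # VLAN1, not wan1, and dstaddr is the VIP object, not the real server.
    edit 30
        set name "VLAN2-to-HTTPS-server-via-VIP"
        set srcintf "VLAN2"
        set dstintf "VLAN1"
        set srcaddr "all"
        set dstaddr "vip-https-server"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set logtraffic all
    next
end

# Trace one test connection from a guest client to the VIP address.
diagnose debug reset
diagnose debug flow filter addr 203.0.113.10
diagnose debug flow filter port 443
diagnose debug flow show function-name enable
diagnose debug console timestamp enable
diagnose debug flow trace start 20
diagnose debug enable
# ... open https://203.0.113.10/ from a VLAN2 client, then stop the trace:
diagnose debug disable
diagnose debug reset
```

In the trace, look for the VIP DNAT step and the policy ID that the session matches; a "Denied by forward policy check" line or a match on the wrong policy ID (for example policy 20 instead of 30) tells you whether the problem is the missing VLAN2-to-VLAN1 policy or an earlier policy catching the traffic first. Only the HTTPS service is opened to the server from the guest VLAN, and the guest-to-Internet policy is kept separate so the guest network never gains a path out through wan1.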