You may consider to sniff the traffic (diagnose sniffer packet any 'host <server IP>' 4 0 a) and try to trigger the issue. It will help to check whether URL is resolved and TCP and TLS (if applicable) sessions are established.
I make this command on FortiG1(Site1) and then i opned url
023-01-13 09:57:00.683389 Internetl-link out 77.245.x.x.2156 -> 10.0.4.7.8080:: syn 2181435520 2023-01-13 09:57:01.675735 Internetl-link out 77.245.x.x.2156 -> 10.0.4.7.8080: syn 2181435520 2023-01-13 09:57:03.675734 Internetl-link out 77.245.x.x.2156 -> 10.0.4.7.8080: syn 2181435520 2023-01-13 09:57:07.685737 Internetl-link out 77.245.x.x.2156 -> 10.0.4.7.8080: syn 2181435520
This IP 77.254.x.x. im using to login to SSL VPN Portla
Shouldn't FortiG1 change public ip for some privet IP ??
There can be potentially issue with routing. Based on the name "Internetl-link" I would assume it is WAN interface. You can check whether specific route towards the server exists "get router info routing-table details 10.0.4.7".
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.