Here is the config for Wan1. It is working as far as passing traffic is concerned, however I cannot PING that interface externally (Or internally for that matter) I see that PING is enabled, what else am I missing?
If you've already verified that the ICMP packets are reaching the device (using the console sniffer, naturally) then this is pretty much your next step. It'll be really arcane to look at, but... try these in the console, then ping...
diagnose debug flow filter daddr 18.104.22.168
diagnose debug flow filter proto 1
diagnose debug flow trace start 10
diagnose debug enable
These will make the Fortinet spew to the console every little thing it knows or decides about the packet, and is mostly readable by the very brave. You can also add a source address (saddr) criteria if you know what the source IP address should show up as.
To expand on this correct answer you need to look at your VIPs and find the one that is mapping one-to-one your WAN1 interface IP to the internal address 10.2.0.2. This VIP is causing all traffic destined to WAN1 int IP to go to 10.2.0.2.
You probably want to adjust the VIP to be a port-based VIP so it's not hijacking your entire WAN IP.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.