I would also highly recommend you patch to 6.4.2 or 6.4.3, likely not related to this specific problem, but you will hopefully avoid others

Updated to FortiOS v6.4.3 build1778. Ping is allowed everywhere. "trusted hosts on the admin accounts" - where are they located in the GUI? Or customize only in the CLI?

possible via GUI, just look if trusted hosts are enabled on the admin accounts.

if not that is not your issue.

diagnose sniffer packet any 'host 10.0.1.1'

and then performing the ping from the workstation would be an interesting next step

A couple of more thoughts for you.

I take it you don't have vdoms enabled and the two interfaces are in different vdoms?

How about source nat on the relevant firewall rule? 

Also worth seeing how the firewall is handling those packets 

diag debug flow filter addr 10.0.1.1

diag debug flow trace start 50

diag debug en

Trusted hosts in administrator accounts are not enabled.

"diagnose sniffer packets any 'host 10.0.1.1'" - command result "Command fail. Return code -61".

vdoms not included.

he made a little typo it's packet not packets

try

diagnose sniffer packet any 'host 10.0.1.1'

Execution result:

"interfaces=[any]

filters=[host 10.0.1.1] 0 packets received by filter 0 packets dropped by kernel"

assuming you performed a ping it seems the firewall doesn't see it.

can you share the interface config and firewall policy, screenshots might help else CLI output.