I hope I get what your question is about - if not, please clarify.
How do you block ping (ICMP) from WAN to internal?
well, as long as you don't ALLOW it explicitly it won't reach your servers. I assume you have VIPs for remote access to internal servers. If these VIPs are port forwarding ICMP is not translated unless you set the 'set protocol icmp' option. Same for the policy the VIP is used in, if 'service' doesn't contain ICMP/ping this traffic will be blocked.
ping from internal host to internal host/server
This is different. As long as both hosts are within the same subnet their traffic will not cross the FGT, and thus cannot be controlled. This is the main reason why you would put a server (or a server farm) onto it's own subnet and FGT port - full control on the traffic going to and coming from the servers.
If your main concern is ICMP flooding (port scans using ICMP) then primarily the same applies. You only have to take action if you want to allow pings by default. Then, ICMP flooding can be caught by a DoS sensor.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.